Exam SY0-701 topic 1 question 208 discussion

Actual exam question from CompTIA's SY0-701
Question #: 208
Topic #: 1

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

  • A. Memory injection
  • B. Race condition
  • C. Side loading
  • D. SQL injection
Suggested Answer: A

Comments

a4e15bd
Highly Voted 5 months ago
A is correct. Memory injection allows the attackers to inject malicious code directly into the memory of a running process which can then be used to execute arbitrary commands or generate unauthorized network traffic. Race Condition refers to two processes competing to modify the same resource which can lead to unpredictable behavior but is less likely to cause abnormal outbound traffic. Side Loading refers to loading a malicious DLL into a legitimate process. SQL injection involves injecting malicious SQL code into a database and is primarily concerned with database manipulation rather than generating outbound network traffic.
upvoted 14 times
Examplary
3 months, 1 week ago
Just a quick note: Your definition of side loading is incorrect. Side loading involves installing software from third party or unauthorized sources, typically involving mobile devices. What you described is actually a DLL Injection.
upvoted 10 times
jbmac
Most Recent 1 week, 6 days ago
Selected Answer: C
The correct answer is: C. Side loading
Explanation: Side loading involves the unauthorized loading or execution of malicious code alongside legitimate software.
In this scenario: The software is behaving abnormally and generating unexpected outbound traffic, which suggests it may have been compromised to execute additional, malicious code. Random high-port outbound traffic is a common indicator of malware or other unauthorized processes attempting to exfiltrate data or communicate with a command-and-control (C2) server.
upvoted 1 times
chalaka
1 month, 3 weeks ago
Selected Answer: A
A. Memory injection
Memory injection vulnerabilities allow an attacker to manipulate the memory of a running application. This can lead to malicious behavior, such as executing arbitrary code or altering the application's normal operation. In this scenario, the abnormal behavior (outbound traffic over random high ports) suggests that the software has been compromised to execute unauthorized operations, which is characteristic of a memory injection exploit.
upvoted 2 times
Habbiti
2 months ago
The correct answer is C, side loading.
Side loading refers to a situation where software loads a malicious or unauthorized component or library (often from an untrusted source) instead of a legitimate one. In this case, the abnormal behavior (outbound traffic over random high ports) suggests that the application may have been compromised, and a malicious payload has been introduced, causing the software to behave unexpectedly. The random outbound traffic could indicate that the compromised software is now communicating with a command-and-control server or exfiltrating data.
upvoted 1 times
jafyyy
4 months, 3 weeks ago
A. Memory Injection
upvoted 1 times
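
The indicator in the question (a process whose baseline is no network traffic now making outbound connections to random high ports) can be written as a detection check. This is an added example, not part of the original discussion or of any tool; the process names, port sets, addresses and the key=value snapshot format are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch (not from the page): process names, ports, addresses.
BASELINE_SILENT = {"batchjob"}   # processes whose baseline is zero network traffic
LISTENING_PORTS = {22, 8443}     # local ports this host serves; separates inbound from outbound
HIGH_PORT_MIN = 1024             # "high port" = above the well-known range

# Constructed sample snapshot in a made-up key=value format (documentation IP ranges).
SAMPLE = """\
proc=sshd pid=811 laddr=10.0.0.5:22 raddr=10.0.0.9:50122 state=ESTAB
proc=appsrv pid=1502 laddr=10.0.0.5:8443 raddr=198.51.100.20:41877 state=ESTAB
proc=batchjob pid=4121 laddr=127.0.0.1:40112 raddr=127.0.0.1:5432 state=ESTAB
proc=batchjob pid=4121 laddr=10.0.0.5:51544 raddr=203.0.113.7:49211 state=ESTAB
proc=batchjob pid=4121 laddr=10.0.0.5:51546 raddr=203.0.113.7:58030 state=ESTAB
proc=batchjob pid=4121 laddr=10.0.0.5:51550 raddr=203.0.113.7:61999 state=SYN-SENT
"""

def parse(line):
    """Turn one key=value line into a dict with (ip, port) tuples for both ends."""
    rec = dict(field.split("=", 1) for field in line.split())
    for key in ("laddr", "raddr"):
        host, port = rec[key].rsplit(":", 1)
        rec[key] = (ipaddress.ip_address(host), int(port))
    return rec

def find_anomalies(snapshot):
    """Return {(proc, pid): [(remote_ip, remote_port), ...]} for baseline-silent
    processes that hold non-loopback outbound connections to high ports."""
    hits = defaultdict(set)
    for line in snapshot.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        (_, lport), (rip, rport) = rec["laddr"], rec["raddr"]
        outbound = lport not in LISTENING_PORTS   # we initiated it, not a served port
        if (rec["proc"] in BASELINE_SILENT and outbound
                and not rip.is_loopback and rport >= HIGH_PORT_MIN):
            hits[(rec["proc"], int(rec["pid"]))].add((str(rip), rport))
    return {key: sorted(conns) for key, conns in hits.items()}

if __name__ == "__main__":
    for (proc, pid), conns in find_anomalies(SAMPLE).items():
        print(f"ALERT {proc}[{pid}]: {len(conns)} outbound high-port connections: {conns}")
```

The check flags the symptom only; deciding how the process was compromised still requires examining the process itself.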
Community vote distribution
A (35%) Most Voted
C (25%)
B (20%)
Other