2. 计算机
  3. The following scenario will be used for questions 29 and 30. John is a network administrator and has been told by one of his net

The following scenario will be used for questions 29 and 30. John is a network administrator and has been told by one of his net

admin2013-12-19  79
问题 The following scenario will be used for questions 29 and 30.
John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic traveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and again finds nothing suspicious. He sees that the systems’ NICs are not in promiscuous mode, so he is assured that sniffers have not been planted.
Which of the following describes the most likely situation as described in this scenario?
选项 A、Servers are not infected, but the traffic illustrates attack attempts.
B、Servers have been infected with rootkits.
C、Servers are vulnerable and need to be patched.
D、Servers have been infected by spyware.
答案B
解析 B正确。一旦取得了某个访问等级,攻击者就可以上传一大堆工具,即rootkit。rootkit是实现了隐身能力,即为了隐藏某些进程或程序的存在性,而设计的程序。对rootkit进行检测非常困难,因为rootkit能够破坏打算找到该rootkit的软件。A不正确。因为从这个场景中描述的情况看,该系统很有可能被病毒感染了。ICMP流量可能是攻击者和被破坏的系统之间发送的命令和状态数据。
C不正确。因为这不是最佳答案。服务器可能很脆弱,需要打补丁,但这并不是本题所问。打补丁也不会根除受感染系统中的rootkit。
D不正确。因为这不是最佳答案。这个场景很好地描述了安装了rootkit的情况。间谍软件可能是rootkit的一个组成部分,但是特洛伊木马的文件很有可能已经被安装了,而这只可能使用rootkit实现,而不是恶意软件。
转载请注明原文地址:https://kaotiyun.com/show/0AhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)