A security analyst is investigating a security breach.
Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username 'gotcha' and a user ID of 0.
Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)
Answer: B, D
The MOST likely attack vector in this scenario is a Backdoor. A backdoor is a method of bypassing normal authentication procedures to gain access to a computer or system. It allows an attacker to enter a system undetected and then modify files or steal sensitive information; a second UID 0 account in /etc/passwd is exactly such a bypass.
The tool the analyst should use to determine if the attack is still ongoing is Netstat. Netstat is a command-line tool used to display active network connections, open ports, and other network-related information. By using netstat, the analyst can see if there are any suspicious network connections or processes running on the affected host.
The other options are less relevant to the scenario. A logic bomb is code programmed to execute under certain conditions; nothing in the evidence points to one, and it would not help determine whether the attack is still ongoing. A keylogger records keystrokes on a system, which does not match the evidence provided. Tracert and Ping are network troubleshooting tools and do not reveal whether an attacker still has a session on the host.
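As an added example (not part of the original question or answer), a shell triage script for the two indicators the explanation names: accounts other than root that carry UID 0 in /etc/passwd, and established connections in `netstat -tunap` output that are not owned by an expected program. The passwd and netstat samples and the sshd allowlist are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: triage checks for the scenario above. The inputs are
# constructed samples standing in for /etc/passwd and `netstat -tunap`,
# so the script runs offline; point the functions at real output in practice.

# Constructed /etc/passwd sample containing the rogue UID-0 entry.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:alice:/home/alice:/bin/bash
gotcha:x:0:0::/root:/bin/bash'

# Print every account whose UID (field 3) is 0 but whose name is not root.
# Usage: rogue_uid0_accounts < /etc/passwd
rogue_uid0_accounts() {
  awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Constructed `netstat -tunap` sample: an sshd listener, a legitimate ssh
# session, and one established connection owned by a shell process.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address  Foreign Address  State       PID/Program name
tcp        0      0 0.0.0.0:22     0.0.0.0:*        LISTEN      612/sshd
tcp        0      0 10.0.0.5:41022 198.51.100.7:8443 ESTABLISHED 2231/bash
tcp        0      0 10.0.0.5:22    10.0.0.20:50122  ESTABLISHED 2010/sshd'

# Print "foreign-address PID/program" for ESTABLISHED TCP connections whose
# owning program is not on the allowlist (constructed: sshd only). These are
# the sessions to examine first. Usage: netstat -tunap | unexpected_established
unexpected_established() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         split($7, p, "/");           # p[1] = PID, p[2] = program name
         if (p[2] != "sshd") print $5, $7
       }'
}

main() {
  echo "UID-0 accounts other than root:"
  printf '%s\n' "$SAMPLE_PASSWD" | rogue_uid0_accounts
  echo "Established connections not owned by sshd (remote, PID/program):"
  printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_established
}

main
```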