Exam SY0-601 topic 1 question 452 discussion

In this scenario, it is most likely that B. A packet capture tool was used to steal the password. Telnet is an unencrypted protocol that sends data, including login credentials, in clear text over the network. This means that anyone with access to the network traffic can use a packet capture tool to intercept and read the login credentials. In this case, an attacker could have used a packet capture tool to steal the server administrator’s password and then used it to log in and install the malicious software on the server.

Telnet sends login credentials in plain text format, which makes them vulnerable to interception and unauthorized access. Attackers can use packet capture tools to capture network traffic and steal login credentials. In this case, it is likely that an attacker used a packet capture tool to capture the server administrator's Telnet login credentials and then used them to install the malicious software.

Option B is correct

Option B. Telnet doesn't encrypt the traffic.

Key point is "using the server administrator's credentials". Credentials were stolen. Telnet sessions between the client and the server are not encrypted without a workaround. So those with access to the TCP/IP packet flow between hosts can observe all of the traffic, listen in, and record potentially sensitive information like logins and passwords of users connecting to the Telnet server.

While it’s possible that a packet capture tool could capture login credentials, including passwords, during Telnet sessions, the scenario described in the question focuses on the installation of malicious software using the server administrator’s credentials. The use of Telnet by itself doesn’t necessarily imply that a packet capture tool was used to steal the password, as Telnet is an inherently insecure protocol that transmits data, including login credentials, in plaintext. In this case, it’s more likely that the malicious software was installed after the attacker gained unauthorized access to the server, possibly using the server administrator’s credentials, and not specifically through the interception of Telnet login credentials. Therefore, while packet capture tools can capture login credentials, the question’s emphasis appears to be on the installation of malware after unauthorized access was gained, making option C (a remote-access Trojan) a more suitable choice for the described scenario.

In this case, the server administrator mentioned that Telnet was regularly used to log in. Telnet is an unencrypted remote access protocol that sends login credentials in plain text over the network. This makes it susceptible to interception and unauthorized access. A remote-access Trojan (RAT) is a type of malware that allows an attacker to gain unauthorized access to a system. It can be used to control the compromised server remotely, install additional malware, steal sensitive information, or carry out malicious activities. If the server administrator used Telnet regularly and the malware was installed using their credentials, it suggests that a remote-access Trojan might have been employed to gain unauthorized access and install the malware on the server. The other options listed are less likely given the information provided:

-B is correct The use of Telnet by the server administrator suggests that the credentials were transmitted in cleartext, which means that they could have been intercepted by an attacker who was monitoring the network traffic. Therefore, the most likely scenario is that: B. A packet capture tool was used to steal the password