Exam SY0-501 topic 1 question 843 discussion

I disagree. Should be RAT (remote access trojan) as per the hint in the description that the attacker gained C&C of the computer systems.

RAT is wrong because of this "file download from a social media site and subsequently installed it without the user's knowledge" . Trojan is hide a malware in something that the user is interesting to download. In this case the download happened without the user's knowledge. The only answer left after that is a BOT.

RAT (Remote Access Trojan): This type of malware allows an attacker to gain remote control over a victim's computer. In this case, the attacker gained administrative access through a file downloaded from a social media site and was able to control the systems and obtain sensitive information without the user's knowledge, which aligns perfectly with the characteristics of a RAT.

Its RAT (REMOTE ACCESS CONTROL)

obtaining sensitive corporate and personal employee information

A RAT seems more likely, it is a type of malware that was created to specifically do just that.

D. Remote access trojans(RATs) are malware designed to allow an attacker to remotely control an infected computer.

Key word .,computers... and ...command... A bot attack is simply can be described as all infected computers will act zombies commanded by the server all these individual not in the a computer collectively called bonnets. They work based on a certain command from the hackers who control,manage,and guide them Answer is A bot The term “bot” comes from the English word “robot”. Similar to mechanical robots, internet bots are programmed to perform specific repetitive tasks. To do so, they execute clearly defined commands through algorithms and scripts which they can do faster than any human could. Bots are thus computer programs that operate autonomously and automatically and do not depend on human input or supervision to perform their functions.

I have to go with D. "INITIAL EXPLOITATION In the initial exploitation phase (also referred to as weaponization), an exploit is used to gain some sort of access to the target's network. This initial exploitation might be accomplished using a phishing email and payload or by obtaining credentials via social engineering. PERSISTENCE Persistence refers to the tester's ability to reconnect to the compromised host and use it as a Remote Access Tool (RAT) or backdoor. To do this, the tester must establish a Command and Control (C2 or C&C) network to use to control the compromised host (upload tools and download data). The connection to the compromised host will typically require a malware executable to run and a connection to a network port and the attacker's IP address (or range of IP addresses) to be available. Persistence will be followed by further reconnaissance, where the pen tester attempts to map out the internal network and discover the services running on it and accounts configured to access it." Reference: COM501B

key words here: to take command and control which is what bot is,. It doesn't states remote connection.

A RAT allows for remote Administrative control of your system, the keywords here are "take command and control of computer systems anonymously" Answer is D

A bot is NOT a METHOD. A bot is a computer that is part of a botnet. The method used here is a RAT.

I found myself with an open mouth why it should be a BOT. I so much agree with all those who believe it should be a Remote Access Trojan aka RAT

A botnet basically is composed of two parts. On the one hand, there is the control panel, where the actions to be executed are centralized, and on the other hand there is the server, which is a small program that establishes the connection with the cybercriminal’s control center. So far it might look pretty much like a Trojan, as it is made up of a control panel and a server application. Additionally, its functions include the ability to steal files, upload applications, execute processes on victim hardware and, by means of a keylogger, capture every keystroke made on the keyboard.

The given answer is correct. The question can separate into two parts. Up to first compromise attacker use RAT (keywords: administrative, anonymously, install software). A compromised host is installed with one or more bots and these bots gain access and obtain the sensitive information (keywords: command and control)

HELP, what is the difference between RAT and BOT? lol

Given answer "Bot" is correct. DG's book P#276 , and keywords are "Without Users knowledge" and "Command and control"