ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v10 All Questions

View all questions & answers for the 312-50v10 exam
Go to Exam

Exam 312-50v10 topic 1 question 148 discussion

Actual exam question from ECCouncil's 312-50v10
Question #: 148
Topic #: 1
[All 312-50v10 Questions]

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as process, and the netstat command shows the "nc" process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

  • A. File system permissions
  • B. Privilege escalation
  • C. Directory traversal
  • D. Brute force login
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by certmonk at July 9, 2020, 2:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Neela
Highly Voted 7 months, 3 weeks ago
key word - anonymous user : To upload files the user must have proper write file permissions.
upvoted 8 times
...
certmonk
Highly Voted 10 months, 1 week ago
The answer should be B. File system permission is not a vulnerability. And unauthorized file system permission change may require to elevate the permission. A process is also running in this case which means that privileges were escalated to run 'nc'
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago