試験CS0-003J トピック1 問題171 スレッド
CompTIA CS0-003Jのリアル試験問題集
問題 #: 171
トピック #: 1
問題 #: 171
トピック #: 1
ある会社が、Web サイトの改善のためにコンサルタントを雇いました。コンサルタントが去った後、Web 開発者が Web サイトでの異常なアクティビティに気づき、次のコードを含む疑わしいファイルをセキュリティ チームに送信しました。
コンサルタントは次のどれを実行しましたか?
バックドアを埋め込んだ
権限昇格の実装
クリックジャッキングの実装
Webサーバーにパッチを適用しました
コンサルタントは次のどれを実行しましたか?
バックドアを埋め込んだ
権限昇格の実装
クリックジャッキングの実装
Webサーバーにパッチを適用しました
おすすめの解答:
Implanted a backdoor.
A backdoor is a method that allows an unauthorized user to access a system or network without the permission or knowledge of the owner. A backdoor can be installed by exploiting a software vulnerability, by using malware, or by physically modifying the hardware or firmware of the device. A backdoor can be used for various malicious purposes, such as stealing data, installing malware, executing commands, or taking control of the system.
In this case, the consultant implanted a backdoor in the website by using an HTML and PHP code snippet that displays an image of a shutdown button and an alert message that says "Exit". However, the code also echoes the remote address of the server, which means that it sends the IP address of the visitor to the attacker. This way, the attacker can identify and target the visitors of the website and use their IP addresses to launch further attacks or gain access to their devices.
The code snippet is an example of a clickjacking attack, which is a type of interface-based attack that tricks a user into clicking on a hidden or disguised element on a webpage. However, clickjacking is not the main goal of the consultant, but rather a means to implant the backdoor. Therefore, option C is incorrect.
Option B is also incorrect because privilege escalation is an attack technique that allows an attacker to gain higher or more permissions than they are supposed to have on a system or network. Privilege escalation can be achieved by exploiting a software vulnerability, by using malware, or by abusing misconfigurations or weak access controls. However, there is no evidence that the consultant implemented privilege escalation on the website or gained any elevated privileges.
Option D is also incorrect because patching is a process of applying updates to software to fix errors, improve performance, or enhance security. Patching can prevent or mitigate various types of attacks, such as exploits, malware infections, or denial-of-service attacks. However, there is no indication that the consultant patched the web server or improved its security in any way.
Explanation:
The correct answer is
Reference:
1 What Is a Backdoor & How to Prevent Backdoor Attacks (2023)
2 What is Clickjacking? Tutorial & Examples | Web Security Academy
3 What Is Privilege Escalation and How It Relates to Web Security | Acunetix
4 What Is Patching? | Best Practices For Patch Management - cWatch Blog
A backdoor is a method that allows an unauthorized user to access a system or network without the permission or knowledge of the owner. A backdoor can be installed by exploiting a software vulnerability, by using malware, or by physically modifying the hardware or firmware of the device. A backdoor can be used for various malicious purposes, such as stealing data, installing malware, executing commands, or taking control of the system.
In this case, the consultant implanted a backdoor in the website by using an HTML and PHP code snippet that displays an image of a shutdown button and an alert message that says "Exit". However, the code also echoes the remote address of the server, which means that it sends the IP address of the visitor to the attacker. This way, the attacker can identify and target the visitors of the website and use their IP addresses to launch further attacks or gain access to their devices.
The code snippet is an example of a clickjacking attack, which is a type of interface-based attack that tricks a user into clicking on a hidden or disguised element on a webpage. However, clickjacking is not the main goal of the consultant, but rather a means to implant the backdoor. Therefore, option C is incorrect.
Option B is also incorrect because privilege escalation is an attack technique that allows an attacker to gain higher or more permissions than they are supposed to have on a system or network. Privilege escalation can be achieved by exploiting a software vulnerability, by using malware, or by abusing misconfigurations or weak access controls. However, there is no evidence that the consultant implemented privilege escalation on the website or gained any elevated privileges.
Option D is also incorrect because patching is a process of applying updates to software to fix errors, improve performance, or enhance security. Patching can prevent or mitigate various types of attacks, such as exploits, malware infections, or denial-of-service attacks. However, there is no indication that the consultant patched the web server or improved its security in any way.
Explanation:
The correct answer is
Reference:
1 What Is a Backdoor & How to Prevent Backdoor Attacks (2023)
2 What is Clickjacking? Tutorial & Examples | Web Security Academy
3 What Is Privilege Escalation and How It Relates to Web Security | Acunetix
4 What Is Patching? | Best Practices For Patch Management - cWatch Blog
田辺** 2026-03-12 08:28:01
コメント
他人の解答コメントを賛成するのも、その解答に一票を入れることになります。したがって、すでに同じ意見の投票コメントが存在する場合、新規コメントをする代わりに賛成することもできます。
コメントを通報する
コメント中
今すぐ 新規登録 / ログイン (無料です)。