An information security specialist is reviewing the following output from a Linux server.
Based on the above information, which of the following types of malware was installed on the server?
A. Logic bomb
B. Trojan
C. Backdoor
D. Ransomware
E. Rootkit
Yes, agreed. Definitely a logic bomb, as it is grepping for the username joeuser from /etc/passwd (Linux password file). Once the account is gone the / (root directory) will be gone (deleted rm -rf). The -rf => recursive and force deletion, do not stop and ask questions.
These questions are much easier than the ones on the exam. I suggest this website for ones that are closer to the difficulty of the ones on the exam:
http://comptiaexamtest.com/Security+SY0-501/
I’d like to get clarification on this as well. It seems like that’s the case but I’m not that familiar with the if ! grep part.
Logic bomb.
It’s a job scheduled in crontab to check if the user exists. If not, it blows up the root directory.
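The check the comments describe, as an added example that is not part of the original thread: it shows what `if ! grep` evaluates to and how to flag a cron entry that pairs that trigger with a recursive delete. The function names `account_state` and `find_logic_bombs` are hypothetical, and the passwd and crontab samples are constructed, not the output from the question.

```shell
#!/bin/sh
# account_state NAME FILE: shows what `if ! grep` does.
# grep -q exits 0 on a match and 1 on none; `!` inverts that status,
# so the `then` branch runs only when NAME has no entry in FILE.
account_state() {
    if ! grep -q "^$1:" "$2"; then
        echo absent
    else
        echo present
    fi
}

# find_logic_bombs CRON_FILE: print non-comment cron lines that pair a negated
# grep on /etc/passwd (the trigger) with a recursive, forced rm (the payload).
find_logic_bombs() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -E '![[:space:]]*grep[^;]*/etc/passwd' |
        grep -E 'rm[[:space:]]+-[A-Za-z]*(r[A-Za-z]*f|f[A-Za-z]*r)' || true
}

# Constructed sample data; these lines are only searched, never executed.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'joeuser:x:1001:1001::/home/joeuser:/bin/bash' > "$tmp/passwd"
cat > "$tmp/crontab" <<'EOF'
# m h dom mon dow user command
0 3 * * * root /usr/local/bin/backup.sh
*/5 * * * * root if ! grep -q joeuser /etc/passwd; then rm -rf /; fi
15 4 * * * root find /tmp -type f -mtime +7 -delete
EOF

echo "joeuser: $(account_state joeuser "$tmp/passwd")"
echo "mallory: $(account_state mallory "$tmp/passwd")"
echo "Suspicious cron entries:"
find_logic_bombs "$tmp/crontab"
```

On a real host the same function can be pointed at `/etc/crontab` and the files under `/etc/cron.d`; a hit is a lead to review by hand, since the pattern only matches this one trigger and payload shape.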