CompTIA Security+ (SY0-601) — Question 310

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

Answer options

• A. A spraying attack was used to determine which credentials to use
• B. A packet capture tool was used to steal the password
• C. A remote-access Trojan was used to install the malware
• D. A dictionary attack was used to log in as the server administrator

Correct answer: B

Explanation

The correct answer is B because Telnet transmits data, including passwords, in plain text, making it vulnerable to interception by packet capture tools. Options A and D describe methods of guessing credentials, which do not directly relate to the use of Telnet for password theft, while C suggests a different type of malware that does not inherently involve credential theft via Telnet.