CompTIA Security+ (SY0-701) — Question 293

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

Answer options

• A. A spraying attack was used to determine which credentials to use.
• B. A packet capture tool was used to steal the password.
• C. A remote-access Trojan was used to install the malware.
• D. A dictionary attack was used to log in as the server administrator.

Correct answer: B

Explanation

The correct answer is B because Telnet transmits data, including passwords, in plain text, making it susceptible to interception by a packet capture tool. Options A and D describe methods of guessing passwords rather than capturing them, while C suggests the malware was installed by a Trojan, which does not directly relate to the use of Telnet for credential theft.