ExamGecko
Search Search Login
Home Home / ECCouncil / ICS-SCADA Cyber Security
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How many IPsec rules are there in Microsoft Firewall configuration?
What is used in the Modbus protocol to tell the slave to read or write?
Which of the IEC 62443 security levels is identified by a hacktivist/terrorist target?
Which of the following names represents inbound filtering?
What is the maximum size in bytes of an ethernet packet?
What form of attack uses a vector that infects a software package?
What version of SMB did the WannaCry ransomware attack?
What is the size in bytes of the TCP sequence number in the header?
What is the size of the AH in bits with respect to width?
Which component of the IT Security Model is usually the least priority in ICS/SCADA Security?

Question 41 - ICS-SCADA Cyber Security discussion

Report
Export

What share does the WannaCry ransomware use to connect with the target?

A.
$IPC
Answers
A.
$IPC
B.
$Admin
Answers
B.
$Admin
C.
$SPOOL
Answers
C.
$SPOOL
D.
$C
Answers
D.
$C
Suggested answer: A

Explanation:

The WannaCry ransomware utilizes the $IPC (Inter-Process Communication) share to connect with and infect target machines. This hidden network share supports the operation of named pipes, which facilitates the communication necessary for WannaCry to execute its payload across networks.

Reference:

CISA Analysis Report, 'WannaCry Ransomware'.

WannaCry ransomware uses the SMB (Server Message Block) protocol to propagate through networks and connect to target systems. Specifically, it exploits a vulnerability in SMBv1, known as EternalBlue (MS17-010).

IPC Share: The $IPC (Inter-Process Communication) share is a hidden administrative share used for inter-process communication. WannaCry uses this share to gain access to other machines on the network.

SMB Exploitation: By exploiting the SMB vulnerability, WannaCry can establish a connection to the $IPC share, allowing it to execute the payload on the target machine.

Propagation: Once connected, it deploys the DoublePulsar backdoor and then spreads the ransomware payload.

Given these details, the correct answer is $IPC.

Reference

'WannaCry Ransomware Attack,' Wikipedia, WannaCry.

'MS17-010: Security Update for Windows SMB Server,' Microsoft, MS17-010.

Show Answer
asked 18/09/2024
Alexander Goris
28 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms