A server administrator is investigating an application server that is creating unauthorized user accounts with administrative privileges. Anti-malware scans are clean, and all system patches are current. During a network traffic analysis, the administrator discovers that sending a specifically crafted sequence of packets to a high, undocumented port on the server grants a remote shell without requiring authentication. Which of the following security risks has been identified?
The correct answer is a backdoor. A backdoor is a covert method for bypassing normal authentication or other security controls on a computer system. The scenario describes a classic backdoor: an undocumented, hidden entry point (the specific sequence of packets to a high port) that grants privileged access while circumventing the standard authentication mechanisms.
A zero-day exploit is incorrect because it involves taking advantage of a previously unknown vulnerability in software. While a backdoor could be installed via a zero-day exploit, the persistent access mechanism itself, which is the focus of the scenario, is the backdoor.
An insider threat refers to a security risk originating from within the organization, such as a malicious employee. Although an insider might have installed the backdoor, the technical risk identified on the server is the backdoor itself, not the actor who placed it there.
Social engineering is incorrect because it is the practice of manipulating people into divulging confidential information or performing actions. It is often the method used to gain the initial access needed to install something like a backdoor, but it is not the technical mechanism described in the scenario.