
CompTIA Exam CAS-004 Topic 1 Question 52 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 52
Topic #: 1

After a server was compromised, an incident responder looks at log files to determine the attack vector that was used. The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Which of the following is the most likely vulnerability that was exploited based on the log files?

Suggested Answer: D

ssdeep is a tool that computes and matches context triggered piecewise hashes (CTPH), also known as fuzzy hashes. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in a forensic investigation.


Contribute your Thoughts:

Jettie
1 month ago
Ah, the age-old battle between security and convenience. Guess they chose convenience this time around.
upvoted 0 times
Lavonna
1 day ago
C) The root password was easily guessed and used as a parameter to open a reverse shell
upvoted 0 times
...
Kris
8 days ago
B) A SQL injection was used during the ordering process to compromise the database server
upvoted 0 times
...
Bonita
17 days ago
A) Directory traversal revealed the hashed SSH password, which was used to access the server.
upvoted 0 times
...
...
Lanie
2 months ago
Wait, was the SSH password hashed? That's a bit concerning - hopefully, they weren't using a weak algorithm.
upvoted 0 times
Merilyn
20 days ago
D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution
upvoted 0 times
...
Filiberto
27 days ago
Wait, was the SSH password hashed? That's a bit concerning - hopefully, they weren't using a weak algorithm.
upvoted 0 times
...
Yvette
28 days ago
A) Directory traversal revealed the hashed SSH password, which was used to access the server.
upvoted 0 times
...
...
Simona
2 months ago
A reverse shell from a guessed root password? Yikes, someone really dropped the ball on security here.
upvoted 0 times
Janna
15 days ago
Definitely, they should have been more proactive in updating their software to prevent known vulnerabilities.
upvoted 0 times
...
Alfred
16 days ago
I agree, using a guessed root password is a huge risk. They need to update their security measures.
upvoted 0 times
...
Tonja
20 days ago
That's a major security oversight. They should have had stronger password policies in place.
upvoted 0 times
...
...
Carman
2 months ago
SQL injection? That's so 2010! I bet it's an outdated PHP plugin - those vulnerabilities can be tricky to spot.
upvoted 0 times
Brittani
28 days ago
User 3: D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution
upvoted 0 times
...
Chauncey
1 month ago
User 2: I bet it's an outdated PHP plugin - those vulnerabilities can be tricky to spot.
upvoted 0 times
...
Francis
2 months ago
User 1: SQL injection? That's so 2010!
upvoted 0 times
...
...
Sheron
3 months ago
Hmm, the log files suggest a potential directory traversal vulnerability. I'll need to take a closer look at the specifics.
upvoted 0 times
Lauran
2 months ago
User 2: That's possible, but I believe the directory traversal vulnerability is more likely based on the log files.
upvoted 0 times
...
Alayna
2 months ago
User 1: I think the attacker exploited an outdated third-party PHP plug-in.
upvoted 0 times
...
...
Quentin
3 months ago
I'm not sure, but I think C) The root password being easily guessed is also a possibility.
upvoted 0 times
...
Dominga
3 months ago
I agree with Kristel, an outdated third-party PHP plug-in is a common target for attackers.
upvoted 0 times
...
Kristel
3 months ago
I think the most likely vulnerability that was exploited is D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution.
upvoted 0 times
...
