The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:
Which of the following is the most likely root cause of this anomaly?
The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
Alisha
21 days agoHoward
25 days agoAudry
2 days agoMarlon
9 days agoHui
14 days agoTerry
1 months agoStephaine
1 months agoErin
1 months agoCassi
1 months agoGracia
2 months agoLoreen
5 days agoLeah
6 days agoOsvaldo
20 days agoBettyann
27 days ago