CompTIA Exam CV0-004 Topic 6 Question 23 Discussion

Actual exam question for CompTIA's CV0-004 exam

Question #: 23
Topic #: 6

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

APrivilege escalation

BLeaked credentials

CCryptojacking

DDefaced website

Show Suggested Answer

Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg

by Erasmo at Sep 14, 2024, 11:10 AM

Limited Time Offer

25%

Off

Get Premium CV0-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alisha

2 months ago

Hah, I've seen this kind of thing before. Definitely Cryptojacking - the cloud engineer's probably gonna have a headache trying to get that sorted out.

upvoted 0 times