Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CV0-004 Topic 6 Question 23 Discussion

Actual exam question for CompTIA's CV0-004 exam
Question #: 23
Topic #: 6
[All CV0-004 Questions]

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

Show Suggested Answer Hide Answer
Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg


by Erasmo at Sep 14, 2024, 11:10 AM

Limited Time Offer

25%

Off

Get Premium CV0-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Alisha
3 months ago
Hah, I've seen this kind of thing before. Definitely Cryptojacking - the cloud engineer's probably gonna have a headache trying to get that sorted out.
upvoted 0 times
Reena
2 months ago
C) Cryptojacking
upvoted 0 times
...
Mee
2 months ago
B) Leaked credentials
upvoted 0 times
...
Annette
3 months ago
A) Privilege escalation
upvoted 0 times
...
...
Howard
4 months ago
Yikes, that's a lot of suspicious activity. I'd bet it's a privilege escalation attack, someone's trying to gain elevated access to the system.
upvoted 0 times
Ernestine
2 months ago
I don't think it's cryptojacking, the symptoms don't match.
upvoted 0 times
...
Salome
2 months ago
C) Cryptojacking
upvoted 0 times
...
Lenna
2 months ago
I think it could also be due to leaked credentials, that's a common issue.
upvoted 0 times
...
Audry
3 months ago
B) Leaked credentials
upvoted 0 times
...
Marlon
3 months ago
I agree, that seems like the most likely cause of the anomaly.
upvoted 0 times
...
Hui
3 months ago
A) Privilege escalation
upvoted 0 times
...
...
Terry
4 months ago
I'm not sure, but I think C) Cryptojacking could also be a possibility.
upvoted 0 times
...
Stephaine
4 months ago
I agree with Cassi. Leaked credentials could definitely cause this anomaly.
upvoted 0 times
...
Erin
4 months ago
Hmm, that looks like a lot of network traffic. I'd say it's more likely to be a case of leaked credentials, with some unauthorized access happening.
upvoted 0 times
...
Cassi
4 months ago
I think the most likely root cause is B) Leaked credentials.
upvoted 0 times
...
Gracia
4 months ago
I'm pretty sure it's Cryptojacking. That high CPU usage and memory usage is a classic sign of unauthorized cryptocurrency mining.
upvoted 0 times
Loreen
3 months ago
D) Defaced website
upvoted 0 times
...
Leah
3 months ago
C) Cryptojacking
upvoted 0 times
...
Osvaldo
3 months ago
B) Leaked credentials
upvoted 0 times
...
Bettyann
4 months ago
A) Privilege escalation
upvoted 0 times
...
...

Save Cancel