CompTIA Exam CV0-004 Topic 6 Question 23 Discussion

Actual exam question for CompTIA's CV0-004 exam
Question #: 23
Topic #: 6

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user.

Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
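The check described in the explanation, written as detection logic over `ps -eo uid,pid,ppid,args` output. This is an added example, not part of the original page or the study guide; the sample process list, the PIDs and the `WEB_ROOT` value are constructed assumptions.

```python
# Constructed sample in `ps -eo uid,pid,ppid,args` format (not the exam's output).
SAMPLE_PS = """\
  UID   PID  PPID COMMAND
    0     1     0 /sbin/init
    0   812     1 /usr/sbin/apache2 -k start
65535   901   812 /usr/sbin/apache2 -k start
65535   902   812 /usr/sbin/apache2 -k start
    0  1377   902 /var/www/command.py
    0   640     1 /usr/sbin/sshd -D
"""

WEB_ROOT = "/var/www/"  # assumption: document root served by the web server


def parse_ps(text):
    """Return {pid: {"uid", "ppid", "args"}} parsed from uid,pid,ppid,args output."""
    procs = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        uid, pid, ppid = (int(f) for f in fields[:3])
        procs[pid] = {"uid": uid, "ppid": ppid, "args": fields[3]}
    return procs


def find_escalations(procs, web_root=WEB_ROOT):
    """Flag UID 0 processes that run a file from the web root or have a non-root parent."""
    findings = []
    for pid, p in sorted(procs.items()):
        if p["uid"] != 0:
            continue
        reasons = []
        if any(tok.startswith(web_root) for tok in p["args"].split()):
            reasons.append("runs file under web root as root")
        parent = procs.get(p["ppid"])
        if parent and parent["uid"] != 0:
            reasons.append(f"root child of uid {parent['uid']} process {p['ppid']}")
        if reasons:
            findings.append((pid, p["args"], reasons))
    return findings


if __name__ == "__main__":
    for pid, args, reasons in find_escalations(parse_ps(SAMPLE_PS)):
        print(f"ALERT pid={pid} cmd={args!r}: {'; '.join(reasons)}")
```

A root child of a non-root parent also occurs legitimately (for example `sudo` or setuid binaries), so the second signal is a triage lead and is strongest when combined with the web-root path match.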


Contribute your Thoughts:

Alisha
21 days ago
Hah, I've seen this kind of thing before. Definitely Cryptojacking - the cloud engineer's probably gonna have a headache trying to get that sorted out.
upvoted 0 times
...
Howard
25 days ago
Yikes, that's a lot of suspicious activity. I'd bet it's a privilege escalation attack, someone's trying to gain elevated access to the system.
upvoted 0 times
Audry
2 days ago
B) Leaked credentials
upvoted 0 times
...
Marlon
9 days ago
I agree, that seems like the most likely cause of the anomaly.
upvoted 0 times
...
Hui
14 days ago
A) Privilege escalation
upvoted 0 times
...
...
Terry
1 month ago
I'm not sure, but I think C) Cryptojacking could also be a possibility.
upvoted 0 times
...
Stephaine
1 month ago
I agree with Cassi. Leaked credentials could definitely cause this anomaly.
upvoted 0 times
...
Erin
1 month ago
Hmm, that looks like a lot of network traffic. I'd say it's more likely to be a case of leaked credentials, with some unauthorized access happening.
upvoted 0 times
...
Cassi
1 month ago
I think the most likely root cause is B) Leaked credentials.
upvoted 0 times
...
Gracia
2 months ago
I'm pretty sure it's Cryptojacking. That high CPU usage and memory usage is a classic sign of unauthorized cryptocurrency mining.
upvoted 0 times
Loreen
5 days ago
D) Defaced website
upvoted 0 times
...
Leah
6 days ago
C) Cryptojacking
upvoted 0 times
...
Osvaldo
20 days ago
B) Leaked credentials
upvoted 0 times
...
Bettyann
27 days ago
A) Privilege escalation
upvoted 0 times
...
...