CompTIA Exam CAS-004 Topic 1 Question 52 Discussion

Actual exam question for CompTIA's CAS-004 exam

Question #: 52
Topic #: 1

After a server was compromised an incident responder looks at log files to determine the attack vector that was used The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Which of the following is the most likely vulnerability that was exploited based on the log files?

ADirectory traversal revealed the hashed SSH password, which was used to access the server.

BA SQL injection was used during the ordering process to compromise the database server

CThe root password was easily guessed and used as a parameter lo open a reverse shell

DAn outdated third-party PHP plug-in was vulnerable to a known remote code execution

Show Suggested Answer

Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.

by Stephaine at May 29, 2024, 07:27 AM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF