CompTIA Exam CAS-004 Topic 1 Question 52 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 52
Topic #: 1

After a server was compromised, an incident responder looks at log files to determine the attack vector that was used. The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Which of the following is the most likely vulnerability that was exploited based on the log files?

Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


Contribute your Thoughts:

Jettie
14 days ago
Ah, the age-old battle between security and convenience. Guess they chose convenience this time around.
upvoted 0 times
...
Lanie
19 days ago
Wait, was the SSH password hashed? That's a bit concerning - hopefully, they weren't using a weak algorithm.
upvoted 0 times
Yvette
1 day ago
A) Directory traversal revealed the hashed SSH password, which was used to access the server.
upvoted 0 times
...
...
Simona
29 days ago
A reverse shell from a guessed root password? Yikes, someone really dropped the ball on security here.
upvoted 0 times
...
Carman
1 month ago
SQL injection? That's so 2010! I bet it's an outdated PHP plugin - those vulnerabilities can be tricky to spot.
upvoted 0 times
Brittani
1 day ago
User 3: D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution
upvoted 0 times
...
Chauncey
4 days ago
User 2: I bet it's an outdated PHP plugin - those vulnerabilities can be tricky to spot.
upvoted 0 times
...
Francis
23 days ago
User 1: SQL injection? That's so 2010!
upvoted 0 times
...
...
Sheron
2 months ago
Hmm, the log files suggest a potential directory traversal vulnerability. I'll need to take a closer look at the specifics.
upvoted 0 times
Lauran
27 days ago
User 2: That's possible, but I believe the directory traversal vulnerability is more likely based on the log files.
upvoted 0 times
...
Alayna
28 days ago
User 1: I think the attacker exploited an outdated third-party PHP plug-in.
upvoted 0 times
...
...
Quentin
2 months ago
I'm not sure, but I think C) The root password being easily guessed is also a possibility.
upvoted 0 times
...
Dominga
2 months ago
I agree with Kristel, an outdated third-party PHP plug-in is a common target for attackers.
upvoted 0 times
...
Kristel
2 months ago
I think the most likely vulnerability that was exploited is D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution.
upvoted 0 times
...
