CompTIA CV0-004 Exam - Topic 1 Question 17 Discussion

Actual exam question for CompTIA's CV0-004 exam
Question #: 17
Topic #: 1

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user.

Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
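The check the explanation describes can be automated over a process listing; the following is an added example, not part of the original page or the exam material. The sample rows, PIDs and parent/child links are constructed, and the `ps -eo uid,pid,ppid,args` column layout is an assumption; only UID 0, UID 65535 and `/var/www/command.py` come from the explanation above.

```python
# Added example: flag root-owned processes tied to the web server's content or UID.
# SAMPLE_PS is constructed for illustration; it is not the output from the question.
SAMPLE_PS = """\
UID     PID  PPID COMMAND
0         1     0 /sbin/init
0       812     1 /usr/sbin/apache2 -k start
65535  1201   812 /usr/sbin/apache2 -k start
65535  1202   812 /usr/sbin/apache2 -k start
0      4410  1201 python /var/www/command.py
"""

WEB_ROOT = "/var/www/"  # assumption: web content lives under this path
WEB_UID = 65535         # UID the explanation gives for the Apache processes


def parse_ps(text):
    """Parse `ps -eo uid,pid,ppid,args`-style output into a list of dicts."""
    procs = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 3)
        if len(parts) < 4 or not all(p.isdigit() for p in parts[:3]):
            continue  # ignore blank or malformed rows
        uid, pid, ppid = (int(p) for p in parts[:3])
        procs.append({"uid": uid, "pid": pid, "ppid": ppid, "cmd": parts[3]})
    return procs


def suspicious(procs, web_root=WEB_ROOT, web_uid=WEB_UID):
    """Return UID 0 processes that run web-root content or descend from the web UID."""
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        if p["uid"] != 0:
            continue
        # Signal 1: root is executing a file that the web server can serve or write.
        runs_web = any(arg.startswith(web_root) for arg in p["cmd"].split())
        # Signal 2: the parent runs as the unprivileged web UID, yet the child is root.
        parent = by_pid.get(p["ppid"])
        from_web = parent is not None and parent["uid"] == web_uid
        if runs_web or from_web:
            findings.append({**p, "runs_web_content": runs_web,
                             "child_of_web_uid": from_web})
    return findings


if __name__ == "__main__":
    for f in suspicious(parse_ps(SAMPLE_PS)):
        print(f)
```

The root-owned Apache parent (PID 812 in the constructed sample) is not flagged, since a master process started as root by init is normal; only the root process launched beneath a worker running as UID 65535 is reported.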


Contribute your Thoughts:

Lorean
4 months ago
A defaced website doesn't fit the anomaly description at all.
upvoted 0 times
...
Xochitl
5 months ago
Definitely surprised by the options, I expected something different!
upvoted 0 times
...
Mitzie
5 months ago
Cryptojacking seems a bit far-fetched for this scenario.
upvoted 0 times
...
Nicolette
5 months ago
I think it's more likely privilege escalation.
upvoted 0 times
...
Yuonne
5 months ago
Looks like leaked credentials could be the issue here.
upvoted 0 times
...
Dominque
6 months ago
I vaguely remember something about defaced websites, but I don't think that aligns with the anomaly reported by the IDS.
upvoted 0 times
...
Madalyn
6 months ago
Cryptojacking seems like a real threat these days, but I can't recall if it fits the symptoms we learned about.
upvoted 0 times
...
Moon
6 months ago
This question feels familiar; I think we covered leaked credentials in one of our review sessions. It could definitely be a possibility.
upvoted 0 times
...
Dottie
6 months ago
I remember studying privilege escalation in my last practice exam, but I'm not entirely sure if that's the right answer here.
upvoted 0 times
...
Merlyn
6 months ago
This is a tricky one, but I think I'd start by investigating the privilege escalation angle. The output seems to suggest an unauthorized user with elevated permissions, which is a common sign of a security breach.
upvoted 0 times
...
Gregoria
6 months ago
I'm leaning towards a defaced website scenario. The output doesn't seem to directly point to any of the other options, so this could be the most likely root cause.
upvoted 0 times
...
Benedict
6 months ago
Cryptojacking is a sneaky possibility here. The system activity might be related to mining cryptocurrency without the owner's knowledge.
upvoted 0 times
...
Ronny
6 months ago
Hmm, I'm not sure about this one. The output could also indicate a leaked credential issue, where someone has gained unauthorized access using stolen login info.
upvoted 0 times
...
Tresa
6 months ago
This looks like a classic privilege escalation attack. The output shows a user with elevated permissions, which is a clear sign of unauthorized access.
upvoted 0 times
...
Eugene
6 months ago
I've got this! Type 3 and Type 7 LSAs are the ones that get permuted in totally stubby areas. The other types are either not allowed or not affected.
upvoted 0 times
...
Brent
6 months ago
I'm a bit confused by the wording here. Does "comfortable air conditioners" mean something specific, or is this just asking about air conditioners in general?
upvoted 0 times
...
Antonio
2 years ago
Cryptojacking, huh? Sounds like someone's trying to get rich quick. I'll go with Option C, the most likely culprit.
upvoted 0 times
...
Tarra
2 years ago
I think C) Cryptojacking is also a possibility, especially with the rise of cryptocurrency mining malware.
upvoted 0 times
...
Deonna
2 years ago
Wait, is this a trick question? I'd say the website's been defaced, but that's just me. Option D, please!
upvoted 0 times
Denise
1 year ago
I'm leaning towards privilege escalation. Option A.
upvoted 0 times
...
Robt
2 years ago
I'm not sure, but I think it could be cryptojacking. Option C.
upvoted 0 times
...
Nu
2 years ago
I agree with Nu, leaked credentials seem like a possible cause. Option B.
upvoted 0 times
...
Carline
2 years ago
I think it might be leaked credentials. Option B.
upvoted 0 times
...
Tawna
2 years ago
I agree with Tawna. Leaked credentials seems like the most likely root cause.
upvoted 0 times
...
Giuseppe
2 years ago
I think it's actually leaked credentials. Option B.
upvoted 0 times
...
...
Elise
2 years ago
I believe it could also be A) Privilege escalation, as that can lead to unauthorized access.
upvoted 0 times
...
Sherita
2 years ago
I agree with Elizabeth, leaked credentials could definitely cause this anomaly.
upvoted 0 times
...
Elizabeth
2 years ago
I think the most likely root cause is B) Leaked credentials.
upvoted 0 times
...
Mila
2 years ago
This reminds me of that time I tried to hack into my neighbor's Wi-Fi to stream the big game. Definitely going with Option C on this one.
upvoted 0 times
...
Jamie
2 years ago
I'm guessing the cloud engineer found some leaked creds that are being used for nefarious purposes. Option B seems legit.
upvoted 0 times
Abel
2 years ago
C) Cryptojacking
upvoted 0 times
...
Isidra
2 years ago
B) Leaked credentials
upvoted 0 times
...
Dawne
2 years ago
A) Privilege escalation
upvoted 0 times
...
...
Torie
2 years ago
Hmm, looks like someone's trying to mine some crypto on the company's dime. Option C is the way to go here.
upvoted 0 times
Chantay
2 years ago
Let's tighten our security measures to prevent this from happening again.
upvoted 0 times
...
Rosamond
2 years ago
We need to address this issue immediately.
upvoted 0 times
...
Kristel
2 years ago
Definitely, that's a clear case of cryptojacking.
upvoted 0 times
...
Emerson
2 years ago
I think someone is trying to mine crypto on our company's cloud instance.
upvoted 0 times
...
...
