
CompTIA CV0-004 Exam - Topic 1 Question 17 Discussion

Actual exam question for CompTIA's CV0-004 exam
Question #: 17
Topic #: 1

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user.

Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
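The check described in the explanation can be automated. The following is an added example, not part of the original question or study guide: it parses process listings and flags any UID 0 process whose command line points into the web root. The sample listing is constructed (the question's actual `ps` output is not reproduced on this page), and the PIDs, parent relationships, and function names are assumptions.

```python
import posixpath

WEB_ROOT = "/var/www"  # directory named in the explanation above

# Constructed sample in `ps -eo uid,pid,ppid,args` layout; PIDs and parentage are assumed.
SAMPLE_PS = """\
  UID   PID  PPID COMMAND
    0     1     0 /sbin/init
    0   812     1 /usr/sbin/apache2 -k start
65535   901   812 /usr/sbin/apache2 -k start
65535   902   812 /usr/sbin/apache2 -k start
    0  1440   902 /usr/bin/python3 /var/www/command.py
"""

def parse_ps(text):
    """Return one dict per process row, skipping the header line."""
    procs = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)          # args may contain spaces
        if len(parts) < 4:
            continue
        uid, pid, ppid, args = parts
        procs.append({"uid": int(uid), "pid": int(pid),
                      "ppid": int(ppid), "args": args})
    return procs

def under_web_root(args):
    """True if any absolute path in the command line resolves inside WEB_ROOT."""
    for tok in args.split():
        if tok.startswith("/"):
            # normpath collapses ../ so /var/www/../../bin/sh is not matched
            if posixpath.normpath(tok).startswith(WEB_ROOT + "/"):
                return True
    return False

def find_suspects(procs):
    """Flag root-owned processes running code from the web root."""
    by_pid = {p["pid"]: p for p in procs}
    hits = []
    for p in procs:
        if p["uid"] == 0 and under_web_root(p["args"]):
            parent = by_pid.get(p["ppid"])
            hits.append({"pid": p["pid"], "args": p["args"],
                         "parent_uid": parent["uid"] if parent else None,
                         # root child of a non-root parent: UID was raised
                         "uid_raised": bool(parent) and parent["uid"] != 0})
    return hits

if __name__ == "__main__":
    for hit in find_suspects(parse_ps(SAMPLE_PS)):
        print(hit)
```

The Apache master process running as root is not flagged, because its binary lives outside the web root; only the root-owned script under `/var/www` is reported.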


Contribute your Thoughts:

Lorean
3 months ago
A defaced website doesn't fit the anomaly description at all.
upvoted 0 times
...
Xochitl
3 months ago
Definitely surprised by the options, I expected something different!
upvoted 0 times
...
Mitzie
3 months ago
Cryptojacking seems a bit far-fetched for this scenario.
upvoted 0 times
...
Nicolette
4 months ago
I think it's more likely privilege escalation.
upvoted 0 times
...
Yuonne
4 months ago
Looks like leaked credentials could be the issue here.
upvoted 0 times
...
Dominque
4 months ago
I vaguely remember something about defaced websites, but I don't think that aligns with the anomaly reported by the IDS.
upvoted 0 times
...
Madalyn
4 months ago
Cryptojacking seems like a real threat these days, but I can't recall if it fits the symptoms we learned about.
upvoted 0 times
...
Moon
4 months ago
This question feels familiar; I think we covered leaked credentials in one of our review sessions. It could definitely be a possibility.
upvoted 0 times
...
Dottie
5 months ago
I remember studying privilege escalation in my last practice exam, but I'm not entirely sure if that's the right answer here.
upvoted 0 times
...
Merlyn
5 months ago
This is a tricky one, but I think I'd start by investigating the privilege escalation angle. The output seems to suggest an unauthorized user with elevated permissions, which is a common sign of a security breach.
upvoted 0 times
...
Gregoria
5 months ago
I'm leaning towards a defaced website scenario. The output doesn't seem to directly point to any of the other options, so this could be the most likely root cause.
upvoted 0 times
...
Benedict
5 months ago
Cryptojacking is a sneaky possibility here. The system activity might be related to mining cryptocurrency without the owner's knowledge.
upvoted 0 times
...
Ronny
5 months ago
Hmm, I'm not sure about this one. The output could also indicate a leaked credential issue, where someone has gained unauthorized access using stolen login info.
upvoted 0 times
...
Tresa
5 months ago
This looks like a classic privilege escalation attack. The output shows a user with elevated permissions, which is a clear sign of unauthorized access.
upvoted 0 times
...
Eugene
5 months ago
I've got this! Type 3 and Type 7 LSAs are the ones that get permuted in totally stubby areas. The other types are either not allowed or not affected.
upvoted 0 times
...
Brent
5 months ago
I'm a bit confused by the wording here. Does "comfortable air conditioners" mean something specific, or is this just asking about air conditioners in general?
upvoted 0 times
...
Antonio
1 year ago
Cryptojacking, huh? Sounds like someone's trying to get rich quick. I'll go with Option C, the most likely culprit.
upvoted 0 times
...
Tarra
1 year ago
I think C) Cryptojacking is also a possibility, especially with the rise of cryptocurrency mining malware.
upvoted 0 times
...
Deonna
1 year ago
Wait, is this a trick question? I'd say the website's been defaced, but that's just me. Option D, please!
upvoted 0 times
Denise
1 year ago
I'm leaning towards privilege escalation. Option A.
upvoted 0 times
...
Robt
1 year ago
I'm not sure, but I think it could be cryptojacking. Option C.
upvoted 0 times
...
Nu
1 year ago
I agree with Nu, leaked credentials seem like a possible cause. Option B.
upvoted 0 times
...
Carline
1 year ago
I think it might be leaked credentials. Option B.
upvoted 0 times
...
Tawna
1 year ago
I agree with Tawna. Leaked credentials seems like the most likely root cause.
upvoted 0 times
...
Giuseppe
1 year ago
I think it's actually leaked credentials. Option B.
upvoted 0 times
...
...
Elise
1 year ago
I believe it could also be A) Privilege escalation, as that can lead to unauthorized access.
upvoted 0 times
...
Sherita
1 year ago
I agree with Elizabeth, leaked credentials could definitely cause this anomaly.
upvoted 0 times
...
Elizabeth
1 year ago
I think the most likely root cause is B) Leaked credentials.
upvoted 0 times
...
Mila
2 years ago
This reminds me of that time I tried to hack into my neighbor's Wi-Fi to stream the big game. Definitely going with Option C on this one.
upvoted 0 times
...
Jamie
2 years ago
I'm guessing the cloud engineer found some leaked creds that are being used for nefarious purposes. Option B seems legit.
upvoted 0 times
Abel
1 year ago
C) Cryptojacking
upvoted 0 times
...
Isidra
1 year ago
B) Leaked credentials
upvoted 0 times
...
Dawne
1 year ago
A) Privilege escalation
upvoted 0 times
...
...
Torie
2 years ago
Hmm, looks like someone's trying to mine some crypto on the company's dime. Option C is the way to go here.
upvoted 0 times
Chantay
1 year ago
Let's tighten our security measures to prevent this from happening again.
upvoted 0 times
...
Rosamond
1 year ago
We need to address this issue immediately.
upvoted 0 times
...
Kristel
1 year ago
Definitely, that's a clear case of cryptojacking.
upvoted 0 times
...
Emerson
1 year ago
I think someone is trying to mine crypto on our company's cloud instance.
upvoted 0 times
...
...
