CompTIA Exam CV0-004 Topic 1 Question 17 Discussion

Actual exam question for CompTIA's CV0-004 exam
Question #: 17
Topic #: 1

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user.

Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
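The check the explanation walks through, as an added example that is not from the exam or the study guide: it parses `ps -eo uid,pid,ppid,args` output and flags UID 0 processes whose code lives under the web root. The sample output is constructed, and the `/var/www` web root list and the interpreter set are assumptions.

```python
import os

WEB_ROOTS = ("/var/www",)  # assumption: where web-served content lives
INTERPRETERS = {"python", "python3", "perl", "php", "sh", "bash"}  # assumption
# Constructed sample of `ps -eo uid,pid,ppid,args` output (not the exam's exhibit).
SAMPLE_PS = """\
  UID   PID  PPID COMMAND
    0     1     0 /sbin/init
    0   812     1 /usr/sbin/apache2 -k start
65535   901   812 /usr/sbin/apache2 -k start
65535   902   812 /usr/sbin/apache2 -k start
    0  1440   901 /usr/bin/python3 /var/www/command.py
65535  1502   902 /usr/bin/python3 /var/www/app/report.py
"""

def parse_ps(text):
    """Return {pid: {"uid", "ppid", "args"}} from uid,pid,ppid,args columns."""
    procs = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        uid, pid, ppid = (int(f) for f in fields[:3])
        procs[pid] = {"uid": uid, "ppid": ppid, "args": fields[3].split()}
    return procs

def target_path(args):
    """Path actually being run: the script when argv[0] is an interpreter."""
    exe = os.path.basename(args[0])
    if exe in INTERPRETERS:
        for a in args[1:]:
            if not a.startswith("-"):
                return a
    return args[0]

def root_from_web_root(procs):
    """Flag UID 0 processes running code from a web root."""
    findings = []
    for pid, p in sorted(procs.items()):
        path = os.path.normpath(target_path(p["args"]))
        if p["uid"] != 0 or not path.startswith(tuple(r + "/" for r in WEB_ROOTS)):
            continue
        parent = procs.get(p["ppid"])
        # crossed_uid: a root child under a non-root parent (e.g. a web worker)
        findings.append({"pid": pid, "path": path,
                         "parent_uid": parent["uid"] if parent else None,
                         "crossed_uid": bool(parent and parent["uid"] != 0)})
    return findings

if __name__ == "__main__": print(root_from_web_root(parse_ps(SAMPLE_PS)))
```
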


Contribute your Thoughts:

Antonio
3 months ago
Cryptojacking, huh? Sounds like someone's trying to get rich quick. I'll go with Option C, the most likely culprit.
upvoted 0 times
...
Tarra
3 months ago
I think C) Cryptojacking is also a possibility, especially with the rise of cryptocurrency mining malware.
upvoted 0 times
...
Deonna
3 months ago
Wait, is this a trick question? I'd say the website's been defaced, but that's just me. Option D, please!
upvoted 0 times
Denise
2 months ago
I'm leaning towards privilege escalation. Option A.
upvoted 0 times
...
Robt
2 months ago
I'm not sure, but I think it could be cryptojacking. Option C.
upvoted 0 times
...
Nu
2 months ago
I agree with Nu, leaked credentials seem like a possible cause. Option B.
upvoted 0 times
...
Carline
2 months ago
I think it might be leaked credentials. Option B.
upvoted 0 times
...
Tawna
3 months ago
I agree with Tawna. Leaked credentials seems like the most likely root cause.
upvoted 0 times
...
Giuseppe
3 months ago
I think it's actually leaked credentials. Option B.
upvoted 0 times
...
...
Elise
3 months ago
I believe it could also be A) Privilege escalation, as that can lead to unauthorized access.
upvoted 0 times
...
Sherita
3 months ago
I agree with Elizabeth, leaked credentials could definitely cause this anomaly.
upvoted 0 times
...
Elizabeth
3 months ago
I think the most likely root cause is B) Leaked credentials.
upvoted 0 times
...
Mila
4 months ago
This reminds me of that time I tried to hack into my neighbor's Wi-Fi to stream the big game. Definitely going with Option C on this one.
upvoted 0 times
...
Jamie
4 months ago
I'm guessing the cloud engineer found some leaked creds that are being used for nefarious purposes. Option B seems legit.
upvoted 0 times
Abel
3 months ago
C) Cryptojacking
upvoted 0 times
...
Isidra
3 months ago
B) Leaked credentials
upvoted 0 times
...
Dawne
3 months ago
A) Privilege escalation
upvoted 0 times
...
...
Torie
4 months ago
Hmm, looks like someone's trying to mine some crypto on the company's dime. Option C is the way to go here.
upvoted 0 times
Chantay
3 months ago
Let's tighten our security measures to prevent this from happening again.
upvoted 0 times
...
Rosamond
3 months ago
We need to address this issue immediately.
upvoted 0 times
...
Kristel
3 months ago
Definitely, that's a clear case of cryptojacking.
upvoted 0 times
...
Emerson
3 months ago
I think someone is trying to mine crypto on our company's cloud instance.
upvoted 0 times
...
...
