Suspecting the system may be compromised, the analyst runs the following commands:

CS0-002

Last Post by Mikel 2 years ago

1 Posts

1 Users

0 Likes

231 Views

RSS

Mikel

(@palomamikel)

Noble Member

Joined: 2 years ago

Posts: 733

Topic starter 10/07/2022 3:52 pm

A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.

Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

A . Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
B . Examine the server logs for further indicators of compromise of a web application.
C . Run kill -9 1325 to bring the load average down so the server is usable again.
D . Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

Show Answer Hide Answer

Suggested Answer: B

Quote

Topic Tags

CompTIA CySA+

Latest CompTIA CS0-002 Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PDF

Forum Jump:

Previous Topic

Next Topic