Exam SY0-701 topic 1 question 38 discussion

Actual exam question from CompTIA's SY0-701
Question #: 38
Topic #: 1

A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

  • A. The end user changed the file permissions.
  • B. A cryptographic collision was detected.
  • C. A snapshot of the file system was taken.
  • D. A rootkit was deployed.
Suggested Answer: D

Comments

Penguin1730
Highly Voted 11 months ago
D. A rootkit was deployed. A change in the hash of a critical system file like cmd.exe, without any corresponding patches or updates being applied, is a strong indicator of potential malicious activity. A rootkit is a type of malware that can modify system files and hide its presence to maintain persistent and privileged access to a system. If a rootkit has altered cmd.exe, it could be an attempt to replace the legitimate command prompt with a malicious version, or to modify its behavior for nefarious purposes. This is a serious security concern and should be investigated immediately.
upvoted 18 times
...
Mehsotopes
Highly Voted 11 months, 1 week ago
Selected Answer: D
A rootkit can be snuck into a system and provide functions for an attacker to tamper with system configuration settings without the knowledge of owners or system administrators.
upvoted 5 times
...
dbrowndiver
Most Recent 8 months, 2 weeks ago
Selected Answer: D
The hash change of a critical system file like cmd.exe without authorized patches indicates potential malware activity, with rootkits being a prime suspect due to their method of operation.
upvoted 2 times
...
SHADTECH123
11 months ago
Selected Answer: D
Changes to the hash of system files, such as cmd.exe, without corresponding patching activity, are often indicative of unauthorized modifications, such as those caused by malware or rootkits. Rootkits are malicious software designed to conceal their presence or the presence of other malware on a system. They often modify system files like cmd.exe to maintain persistence and evade detection.
upvoted 3 times
...
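The reasoning in the answers above (a changed cmd.exe hash with no patch to account for it), as an added example that is not part of the original discussion: a small file-integrity triage that compares files with a known-good baseline and checks whether a recent update explains each change. The function names, the 7-day window and all sample data are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage(baseline, current, patch_log, detected_at, window=timedelta(days=7)):
    """Classify each monitored path against its baseline hash.

    baseline:  {path: sha256 hex recorded when the file was known good}
    current:   {path: bytes read from disk now}; an absent path means the file is gone
    patch_log: [(install_time, [paths that update is documented to replace])]
    window:    how long after an install a hash change still counts as explained
               (7 days is an assumed policy value)
    """
    findings = {}
    for path, known_good in baseline.items():
        if path not in current:
            findings[path] = "missing"
            continue
        if sha256_hex(current[path]) == known_good:
            findings[path] = "unchanged"
            continue
        # The hash differs: look for an update that touched this path recently.
        explained = any(
            path in touched and timedelta(0) <= detected_at - installed <= window
            for installed, touched in patch_log
        )
        findings[path] = "changed-by-patch" if explained else "changed-unexplained"
    return findings

# Constructed sample data mirroring the question: cmd.exe differs from its
# baseline and the most recent update is more than two months old.
CMD = r"C:\Windows\System32\cmd.exe"
NOTEPAD = r"C:\Windows\System32\notepad.exe"
NOW = datetime(2024, 6, 1, 9, 0)
BASELINE = {CMD: sha256_hex(b"original cmd bytes"),
            NOTEPAD: sha256_hex(b"original notepad bytes")}
CURRENT = {CMD: b"modified cmd bytes", NOTEPAD: b"original notepad bytes"}
PATCH_LOG = [(NOW - timedelta(days=75), [CMD, NOTEPAD])]

if __name__ == "__main__":
    for path, verdict in triage(BASELINE, CURRENT, PATCH_LOG, NOW).items():
        print(f"{verdict:20} {path}")
```

A `changed-unexplained` verdict on a system binary is the case the question describes and is the one to escalate. Because a rootkit can hide its modifications from the running OS, the bytes for `current` are best read from a trusted environment such as an offline image.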