ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-701 All Questions

View all questions & answers for the SY0-701 exam
Go to Exam

Exam SY0-701 topic 1 question 303 discussion

Actual exam question from CompTIA's SY0-701
Question #: 303
Topic #: 1
[All SY0-701 Questions]

A company web server is initiating outbound traffic to a low-reputation, public IP on non-standard pat. The web server is used to present an unauthenticated page to clients who upload images the company. An analyst notices a suspicious process running on the server hat was not created by the company development team. Which of the following is the most likely explanation for his security incident?

  • A. A web shell has been deployed to the server through the page.
  • B. A vulnerability has been exploited to deploy a worm to the server.
  • C. Malicious insiders are using the server to mine cryptocurrency.
  • D. Attackers have deployed a rootkit Trojan to the server over an exposed RDP port.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by a4e15bd at Aug. 14, 2024, 2:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bamboo1
Highly Voted 3 months ago
Selected Answer: A
This is so badly worded..
upvoted 22 times
...
a4e15bd
Highly Voted 7 months, 3 weeks ago
A. A web shell has been deployed to the server through the page. The shell would allow the attacker to gain unauthorized access and control over the server.
upvoted 7 times
...
9149f41
Most Recent 2 months ago
Selected Answer: A
The uploaded image file is actually a web shell.
upvoted 1 times
...
dbrowndiver
2 months, 1 week ago
Selected Answer: A
A company web server is initiating outbound traffic to a low-reputation, public IP on a non-standard port. The web server is used to present an unauthenticated page to clients who upload images. An analyst notices a suspicious process running on the server that was not created by the company development team. Which of the following is the most likely explanation for this security incident? o The web server allows image uploads from clients. If the file upload functionality is not secure (e.g., lacking file type validation or size checks), attackers could upload a malicious script disguised as an image. o The suspicious process observed by the analyst could be the result of a web shell that the attackers are using to control the server or initiate outbound traffic to a low-reputation IP. o The outbound traffic to a low-reputation public IP and use of a non-standard port are consistent with command-and-control (C2) communication often associated with web shell activity.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago