ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 382 discussion

Actual exam question from CompTIA's CS0-003
Question #: 382
Topic #: 1
[All CS0-003 Questions]

During normal security monitoring activities, the following activity was observed:

cd C:\Users\Documents\HR\Employees
takeown/f .*
SUCCESS:

Which of the following best describes the potentially malicious activity observed?

  • A. Registry changes or anomalies
  • B. Data exfiltration
  • C. Unauthorized privileges
  • D. File configuration changes
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Wolf541 at Jan. 23, 2025, 7:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ada26b1
2 weeks, 6 days ago
Selected Answer: C
C. Unauthorized privileges Here's why: The command takeown /f .* is used to take ownership of files or directories in Windows. Specifically: takeown /f ./* allows a user to take ownership of files within the directory specified (C:\Users\Documents\HR\Employees in this case). takeown is a command-line utility that allows a user to take ownership of files or folders that they do not have permissions to access, which is often used by administrators but can also be used by malicious actors to escalate privileges.
upvoted 1 times
...
Wolf541
2 months, 3 weeks ago
Selected Answer: C
That command allows the user to take ownership of all the files in that file directory allowing them to preform unauthorized privileges
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago