Exam CS0-002 topic 1 question 268 discussion

Actual exam question from CompTIA's CS0-002
Question #: 268
Topic #: 1

During a routine review of service restarts, a security analyst observes the following in a server log:



Which of the following is the GREATEST security concern?

  • A. The daemon's binary was changed.
  • B. Four consecutive days of monitoring are skipped in the log.
  • C. The process identifiers for the running service change.
  • D. The PIDs are continuously changing.
Suggested Answer: A

Comments

gnnggnnggnng
Highly Voted 2 years, 2 months ago
Selected Answer: A
A. The daemon's binary was changed. The greatest security concern, based on the log entries, is that the daemon's binary has been changed. The entries show that the MD5 hash value of the binary file "ircd.exe" changed from 1FD92EA11890CD4B7A85133FF780EB09 to 90EB29AE33DFA9AA00B16788934801EF between April 18 and April 22. A change in the hash value indicates that the binary file has been altered in some way. This is a red flag for security as it could mean that an attacker has replaced the original binary with a malicious one, or that an otherwise trusted software update was made to introduce a vulnerability. The security analyst should investigate this change further to determine the cause and assess any potential impact.
upvoted 5 times
...
TheStudiousPeepz
Most Recent 2 years, 1 month ago
That hash do be changing tho... Answer is A
upvoted 3 times
...
db97
2 years, 2 months ago
PIDs can change if they are executed on different days; the timestamps do not belong to the monitoring time but to the date/time when the process was executed. Going with A here, because the most obvious thing is that the binary file changed somehow, given the difference in the hash.
upvoted 2 times
2Fish
2 years, 1 month ago
Agree. A is the best answer here.
upvoted 1 times
...
...
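The check the comments above describe, as an added example that is not part of the original page: it reads restart records, ignores PID changes, and reports any restart where the binary's hash differs from the previous one. The log layout, timestamps and PIDs are constructed assumptions (the question's log image is not on the page); the binary name and the two MD5 values are the ones quoted in the discussion.

```python
import re
from collections import namedtuple

# Constructed sample lines. The layout (timestamp, service, pid, image, md5)
# is an assumption; ircd.exe and both MD5 values come from the discussion.
SAMPLE_LOG = """\
Apr 16 03:12:44 restart service=ircd pid=4312 image=ircd.exe md5=1FD92EA11890CD4B7A85133FF780EB09
Apr 17 03:12:51 restart service=ircd pid=5120 image=ircd.exe md5=1FD92EA11890CD4B7A85133FF780EB09
Apr 18 03:13:02 restart service=ircd pid=2884 image=ircd.exe md5=1FD92EA11890CD4B7A85133FF780EB09
Apr 22 03:12:47 restart service=ircd pid=6040 image=ircd.exe md5=90EB29AE33DFA9AA00B16788934801EF
this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} [\d:]{8}) restart service=(?P<svc>\S+) "
    r"pid=(?P<pid>\d+) image=(?P<image>\S+) md5=(?P<md5>[0-9A-Fa-f]{32})$"
)

Finding = namedtuple(
    "Finding", "service image last_good_at changed_at old_md5 new_md5"
)


def find_binary_changes(log_text):
    """Return a Finding for each restart whose binary hash differs from the
    hash recorded at the previous restart of the same service and image."""
    last = {}  # (service, image) -> (timestamp, md5) of the previous restart
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped
        key = (m["svc"], m["image"].lower())
        md5 = m["md5"].upper()
        if key in last and last[key][1] != md5:
            findings.append(
                Finding(m["svc"], m["image"], last[key][0], m["ts"], last[key][1], md5)
            )
        # The PID is parsed but deliberately not compared: a new PID on
        # every restart is normal operating-system behaviour.
        last[key] = (m["ts"], md5)
    return findings


if __name__ == "__main__":
    for f in find_binary_changes(SAMPLE_LOG):
        print(f"{f.service}: {f.image} changed between {f.last_good_at} "
              f"and {f.changed_at}: {f.old_md5} -> {f.new_md5}")
```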
Community vote distribution: A (35%), C (25%), B (20%), Other