Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 1 Question 52 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 52
Topic #: 1
[All CAS-004 Questions]

After a server was compromised an incident responder looks at log files to determine the attack vector that was used The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Which of the following is the most likely vulnerability that was exploited based on the log files?

Show Suggested Answer Hide Answer
Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


by Stephaine at May 29, 2024, 07:27 AM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Jettie
23 days ago
Ah, the age-old battle between security and convenience. Guess they chose convenience this time around.
upvoted 0 times
...
Lanie
28 days ago
Wait, was the SSH password hashed? That's a bit concerning - hopefully, they weren't using a weak algorithm.
upvoted 0 times
Merilyn
2 days ago
D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution
upvoted 0 times
...
Filiberto
9 days ago
Wait, was the SSH password hashed? That's a bit concerning - hopefully, they weren't using a weak algorithm.
upvoted 0 times
...
Yvette
10 days ago
A) Directory traversal revealed the hashed SSH password, which was used to access the server.
upvoted 0 times
...
...
Simona
1 months ago
A reverse shell from a guessed root password? Yikes, someone really dropped the ball on security here.
upvoted 0 times
Tonja
2 days ago
That's a major security oversight. They should have had stronger password policies in place.
upvoted 0 times
...
...
Carman
1 months ago
SQL injection? That's so 2010! I bet it's an outdated PHP plugin - those vulnerabilities can be tricky to spot.
upvoted 0 times
Brittani
10 days ago
User 3: D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution
upvoted 0 times
...
Chauncey
13 days ago
User 2: I bet it's an outdated PHP plugin - those vulnerabilities can be tricky to spot.
upvoted 0 times
...
Francis
1 months ago
User 1: SQL injection? That's so 2010!
upvoted 0 times
...
...
Sheron
2 months ago
Hmm, the log files suggest a potential directory traversal vulnerability. I'll need to take a closer look at the specifics.
upvoted 0 times
Lauran
1 months ago
User 2: That's possible, but I believe the directory traversal vulnerability is more likely based on the log files.
upvoted 0 times
...
Alayna
1 months ago
User 1: I think the attacker exploited an outdated third-party PHP plug-in.
upvoted 0 times
...
...
Quentin
2 months ago
I'm not sure, but I think C) The root password being easily guessed is also a possibility.
upvoted 0 times
...
Dominga
2 months ago
I agree with Kristel, an outdated third-party PHP plug-in is a common target for attackers.
upvoted 0 times
...
Kristel
2 months ago
I think the most likely vulnerability that was exploited is D) An outdated third-party PHP plug-in was vulnerable to a known remote code execution.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77