The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:
Which of the following is the most likely root cause of this anomaly?
The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
Antonio
8 months agoTarra
8 months agoDeonna
8 months agoDenise
7 months agoRobt
7 months agoNu
7 months agoCarline
8 months agoTawna
8 months agoGiuseppe
8 months agoElise
8 months agoSherita
8 months agoElizabeth
8 months agoMila
9 months agoJamie
9 months agoAbel
8 months agoIsidra
8 months agoDawne
8 months agoTorie
9 months agoChantay
8 months agoRosamond
8 months agoKristel
8 months agoEmerson
8 months ago