ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 387 discussion

Actual exam question from CompTIA's CS0-002
Question #: 387
Topic #: 1
[All CS0-002 Questions]

While investigating reports of issues with a web server, a security analyst attempts to log in remotely and receives the following message:



The analyst accesses the server console, and the following console messages are displayed:



The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:



Which of the following is the best step for the analyst to take next in this situation?

  • A. Load the network captures into a protocol analyzer to further investigate the communication with 128.50.100.23, as this may be a botnet command server.
  • B. After ensuring network captures from the server are saved, isolate the server from the network, take a memory snapshot, reboot, and log in to do further analysis.
  • C. Corporate data is being exfiltrated from the server. Reboot the server and log in to see if it contains any sensitive data.
  • D. Cryptomining malware is running on the server and utilizing all CPU and memory. Reboot the server and disable any cron jobs or startup scripts that start the mining software.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CyberCEH at May 20, 2023, 11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CyberCEH
Highly Voted 2 years, 1 month ago
Answer B
upvoted 7 times
...
kmordalv
Most Recent 1 year, 7 months ago
Selected Answer: B
markfu gives a valid answer as to why it cannot be the D... There is no indication that there is a Cryptomining malware. It is true that there is a process running but it may be due to a poorly planned process, for example or some other reason. The root cause should be investigated first and then fixed. Therefore the most logical answer is B
upvoted 1 times
...
SecurityGuyPP
1 year, 8 months ago
Selected Answer: B
B is the best answer. Isolate, backup, and then you can start analyze. You can't just assume it's crypto mining and start working on it.
upvoted 1 times
...
Big_Dre
1 year, 10 months ago
Selected Answer: B
it say next step not final step so looking at all the options i think B matches the request of the question,
upvoted 2 times
...
ProNerd
1 year, 11 months ago
Selected Answer: B
You can't sign into a server bc of resource usage and that means it's cryptomining? lol. Get it to a state where you can log in and do an analysis.
upvoted 1 times
...
HotWings8
1 year, 11 months ago
Answer D Explanation: Cryptomining malware can cause performance issues, increased energy consumption, overheating, or hardware damage1 The analyst encountered cryptomining malware on the web server, as indicated by the following signs: - analyst was unable to log in remotely or on the console, as the malware blocked access to prevent detection or removal. -The console messages showed that the server was running out of memory and CPU resources, as the malware consumed all available resources for mining. - The best step for the analyst to take next is to reboot the server and disable any cron jobs or startup scripts that start the mining software. This can help stop the mining activity and restore access to the server. The analyst should also scan the server for any other traces of malware and remove them
upvoted 1 times
markfu
1 year, 10 months ago
Answer B There's no any sign to indicate it is a cryptomining malware. "The console messages showed that the server was running out of memory and CPU resources"? No, only "running out of memory" posted there. You know cryptomining malware primarily consumes more CPU resources rather than memory. Ransomware that performs a large number of encryption operations also can lead to out of memory
upvoted 2 times
...
...
NBE
1 year, 12 months ago
Selected Answer: B
You need to analyse first
upvoted 2 times
...
kyky
2 years ago
Selected Answer: A
i go for A
upvoted 1 times
...
Dany_Suarez
2 years ago
Selected Answer: D
I found this: https://www.dumpspedia.com/cs0-002-comptia-cysap-certification-exam-cs0-002-dumps.html
upvoted 4 times
...
Dutch012
2 years ago
I think it's A. we need to identify the situation first, anyway, help is needed if someone can hear me!
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel