Exam SY0-601 topic 1 question 550 discussion

Actual exam question from CompTIA's SY0-601
Question #: 550
Topic #: 1

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

  • A. The end user changed the file permissions.
  • B. A cryptographic collision was detected.
  • C. A snapshot of the file system was taken.
  • D. A rootkit was deployed.
Suggested Answer: D

Comments

ApplebeesWaiter1122
Highly Voted 1 year, 9 months ago
Selected Answer: D
When a file integrity monitoring tool detects a change in the hash of a critical system file like "cmd.exe," it could indicate that a rootkit has been deployed. Rootkits are malicious software designed to hide their presence on a system by modifying critical files and processes, including system utilities like "cmd.exe." By changing the hash of the file, the rootkit aims to evade detection by security tools that rely on file integrity checks. Rootkits often have the capability to tamper with system logs and other monitoring mechanisms, making them difficult to detect using traditional methods.
upvoted 18 times
touisuzuki
Most Recent 1 year, 7 months ago
Selected Answer: D
A file integrity monitoring tool is designed to monitor changes to critical system files and alert administrators when unauthorized changes occur. The alert specifically mentions that the hash of the cmd.exe file has changed. This file is a critical system file associated with the Windows command-line interface. The fact that no patches were applied in the last two months suggests that the change in the file hash was not a result of a legitimate update or patch. Cryptographic collisions are extremely rare events and typically not the cause of a file's hash suddenly changing. Cryptographic collisions would affect the integrity of a wide range of files, not just a specific system file. Taking a snapshot of the file system (e.g., for backup purposes) would not typically cause a change in the hash of a specific file like cmd.exe.
upvoted 4 times
sujon_london
1 year, 7 months ago
Selected Answer: D
A rootkit is a type of malware that gives the attacker root-level access to a system. Root-level access allows the attacker to control the system and install other malware. When a rootkit is deployed, it can modify the file system, including the hash of the cmd.exe file. A: The end user changing the file permissions would not change the hash of the file. B: A cryptographic collision is a rare event that occurs when two different files have the same hash. This is not likely to happen in this case. C: Taking a snapshot of the file system would not change the hash of the cmd.exe file.
upvoted 4 times
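
The hash comparison behind the alert in the question, as an added example that is not part of the original discussion: it baselines a file, then shows that a permission change leaves the SHA-256 untouched while a content change does not. The temporary file standing in for cmd.exe and the `patch_applied_recently` flag (representing the administrator's OS log check) are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path):
    """Hash file contents only; permissions and timestamps are not included."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(paths):
    """Record a known-good hash for each monitored file."""
    return {p: sha256_file(p) for p in paths}

def check(baseline, patch_applied_recently):
    """Compare current hashes to the baseline and classify each difference."""
    findings = []
    for path, known in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_file(path) != known:
            # A change with no patch on record has no legitimate explanation.
            verdict = ("changed-matches-patch" if patch_applied_recently
                       else "changed-unexplained")
            findings.append((path, verdict))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "cmd.exe")  # constructed stand-in file
        with open(target, "wb") as f:
            f.write(b"MZ constructed original contents")
        baseline = take_baseline([target])
        # Option A in the question: permissions change, contents do not.
        os.chmod(target, stat.S_IREAD)
        after_chmod = check(baseline, patch_applied_recently=False)
        os.chmod(target, stat.S_IREAD | stat.S_IWRITE)
        # Contents replaced or modified: the hash no longer matches.
        with open(target, "ab") as f:
            f.write(b" constructed appended bytes")
        after_write = check(baseline, patch_applied_recently=False)
        return after_chmod, [verdict for _, verdict in after_write]

if __name__ == "__main__":
    print(demo())
```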