Exam SY0-501 topic 1 question 113 discussion

Actual exam question from CompTIA's SY0-501
Question #: 113
Topic #: 1

A systems administrator is reviewing the following information from a compromised server:

Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?

  • A. Apache
  • B. LSASS
  • C. MySQL
  • D. TFTP
Suggested Answer: A

Comments

Stefanvangent
Highly Voted 5 years, 9 months ago
Data Execution Prevention can prevent buffer overflow attacks, so that rules out B and D. C only has a connection with the loopback address (127.0.0.1), so that only leaves answer A.
upvoted 46 times
ckr8
Highly Voted 4 years, 11 months ago
DEP protects against buffer overflows and it is turned off on APACHE which also shows a remote connection.
upvoted 8 times
dieglhix
4 years, 8 months ago
This is the real answer
upvoted 1 times
who__cares123456789___
Most Recent 4 years, 5 months ago
DEP = Data Execution Prevention... so the only possible answers are HTTPd (apache) and SQL... eliminate SQL because it is butt dialing itself! Loopback Addy.... APACHE FINAL ANSWER!
upvoted 4 times
ThePudding
4 years ago
...butt dialing itself. Funny funny. Let us know if you passed, huh?
upvoted 2 times
leesuh
4 years, 11 months ago
0.0.0.0 allows for any IP address to log in. MySQL Local Address is set to ONLY that IP address being able to access remotely.
upvoted 1 times
Brickell305
4 years, 11 months ago
MySQL is loopback and the only option is Apache with DEP off.
upvoted 1 times
Arduwyn
5 years, 7 months ago
DEP being enabled can prevent a buffer overflow but does not eliminate them entirely. I would think the answer would be D as the local address is set to a public IP of 191.168.1.10 which is not normal. Although I'm not entirely certain on this. Perhaps someone could shed some light on why this would have a public local address?
upvoted 1 times
Arduwyn
5 years, 7 months ago
After review I think the IP is a typo as it's not a valid public IP either.
upvoted 1 times
redondo310
5 years, 6 months ago
I'm not sure what command this came from, but the format is related to some sort of routing table and specific to the process. The 0.0.0.0 Local addresses are default routes for those two processes, LSASS/APACHE. 127.0.0.1 (loopback/localhost) routes only to itself. Then whatever interface 192.168.1.10 is tied to routes outside to a remote address of 10.34.221.96. Totally valid to route a single IP to a destination. My take here is the keyword "buffer overflow". Googling DEP (Data Execution Prevention) (damage from viruses/threats), the two that are "no" are Apache and SQL. The MySQL only routes to itself (localhost 127.0.0.1), so that is not it. It only leaves Apache.
upvoted 8 times
Basem
5 years, 10 months ago
Why is it APACHE? Is that because of the DLP being NO? Is DLP set to no meaning DLP did not detect a compromise or DLP is disabled?
upvoted 1 times
Basem
5 years, 10 months ago
Is it A LSASS because of the local address being 0.0.0.0?
upvoted 1 times