ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-003 All Questions

View all questions & answers for the CAS-003 exam
Go to Exam

Exam CAS-003 topic 1 question 15 discussion

Actual exam question from CompTIA's CAS-003
Question #: 15
Topic #: 1
[All CAS-003 Questions]

A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:

Which of the following does the log sample indicate? (Choose two.)

  • A. A root user performed an injection attack via kernel module
  • B. Encrypted payroll data was successfully decrypted by the attacker
  • C. Jsmith successfully used a privilege escalation attack
  • D. Payroll data was exfiltrated to an attacker-controlled host
  • E. Buffer overflow in memory paging caused a kernel panic
  • F. Syslog entries were lost due to the host being rebooted
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
by SoukelezArtibuz at Nov. 12, 2020, 4:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jjcode
2 years, 2 months ago
i went with C and D and, but the answer is C and E, I'm confused because the hacker used a privilage escalation attack not a buffer overflow.
upvoted 1 times
...
vorozco
3 years, 2 months ago
Selected Answer: CD
Going with C and D due to the gpg -e and scp commands.
upvoted 1 times
...
cvMikazuki
3 years, 6 months ago
its C and D. Base on log we see from jsmith>root, then scp the payrol data
upvoted 2 times
...
arawaco
3 years, 7 months ago
I guess C & E. E because of this http://security.cs.rpi.edu/~candej2/kernel/kernel_exploit.pdf
upvoted 1 times
...
jhxetc
4 years ago
Definitely C&D. There is no buffer overflow, the kernel panic is from trying to access an invalid pointer.
upvoted 2 times
...
Neo2020
4 years, 2 months ago
Answer is CE.
upvoted 2 times
TheThreatGuy
4 years, 2 months ago
No it’s not. There is no buffer overflow. The panic is caused by an incorrect remove command. C&D are the answers.
upvoted 2 times
infosec208
4 years, 1 month ago
Agreed. C and D.
upvoted 2 times
...
...
...
SoukelezArtibuz
4 years, 5 months ago
Why not D? Data were encrypted with GPG then copied to remote server with SCP
upvoted 2 times
D1960
4 years, 5 months ago
I think I would go with CD. I don't know that there was a buffer overflow that caused the kernel panic.
upvoted 3 times
Trap_D0_r
4 years, 2 months ago
Agreed
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago