Exam CAS-003 topic 1 question 15 discussion

Actual exam question from CompTIA's CAS-003
Question #: 15
Topic #: 1

A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:

Which of the following does the log sample indicate? (Choose two.)

  • A. A root user performed an injection attack via kernel module
  • B. Encrypted payroll data was successfully decrypted by the attacker
  • C. Jsmith successfully used a privilege escalation attack
  • D. Payroll data was exfiltrated to an attacker-controlled host
  • E. Buffer overflow in memory paging caused a kernel panic
  • F. Syslog entries were lost due to the host being rebooted
Suggested Answer: CE

Comments

jjcode
1 year, 1 month ago
I went with C and D, but the answer is C and E. I'm confused because the hacker used a privilege escalation attack, not a buffer overflow.
upvoted 1 times
vorozco
2 years ago
Selected Answer: CD
Going with C and D due to the gpg -e and scp commands.
upvoted 1 times
cvMikazuki
2 years, 4 months ago
It's C and D. Based on the log, we see from jsmith>root, then scp the payroll data.
upvoted 2 times
arawaco
2 years, 6 months ago
I guess C & E. E because of this http://security.cs.rpi.edu/~candej2/kernel/kernel_exploit.pdf
upvoted 1 times
jhxetc
2 years, 11 months ago
Definitely C&D. There is no buffer overflow, the kernel panic is from trying to access an invalid pointer.
upvoted 2 times
Neo2020
3 years, 1 month ago
Answer is CE.
upvoted 2 times
TheThreatGuy
3 years, 1 month ago
No it’s not. There is no buffer overflow. The panic is caused by an incorrect remove command. C&D are the answers.
upvoted 2 times
infosec208
3 years ago
Agreed. C and D.
upvoted 2 times
SoukelezArtibuz
3 years, 4 months ago
Why not D? Data were encrypted with GPG then copied to remote server with SCP
upvoted 2 times
D1960
3 years, 3 months ago
I think I would go with CD. I don't know that there was a buffer overflow that caused the kernel panic.
upvoted 3 times
Trap_D0_r
3 years, 1 month ago
Agreed
upvoted 1 times