Exam CS0-002 topic 1 question 123 discussion

Actual exam question from CompTIA's CS0-002
Question #: 123
Topic #: 1

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
  • Successful administrator login reporting priority - high
  • Failed administrator login reporting priority - medium
  • Failed temporary elevated permissions - low
  • Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:

Which of the following events is the HIGHEST reporting priority?

  • A. <100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 - BOM 'sudo vi users.txt' success
  • B. <100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 - BOM 'sudo more /etc/passwords' success
  • C. <100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 - BOM 'su' success
  • D. <100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 - BOM 'su vi syslog.conf failed for joe
Suggested Answer: C
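
How the four options read field by field, and how the organization's priority table applies to them, as an added example that is not part of the original question. It assumes the interpretation behind the suggested answer (`su` is an administrator login, `sudo` is temporary elevation); the function and variable names are hypothetical.

```python
import re

# The four answer options, copied from the question above.
EVENTS = {
    "A": "<100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 - BOM 'sudo vi users.txt' success",
    "B": "<100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 - BOM 'sudo more /etc/passwords' success",
    "C": "<100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 - BOM 'su' success",
    "D": "<100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 - BOM 'su vi syslog.conf failed for joe",
}

# RFC 5424 header order:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+) (?P<msg>.*)$"
)

# The organization's reporting priorities, keyed by (program, outcome).
# Assumption: su = administrator login, sudo = temporary elevation.
PRIORITY = {
    ("su", "success"): "high",
    ("su", "failed"): "medium",
    ("sudo", "failed"): "low",
    ("sudo", "success"): "non-reportable",
}
RANK = {"non-reportable": 0, "low": 1, "medium": 2, "high": 3}

def parse(line):
    """Split one syslog line into its header fields and decode PRI."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError(f"not an RFC 5424 style line: {line!r}")
    fields = m.groupdict()
    pri = int(fields["pri"])
    # PRI = facility * 8 + severity
    fields["facility"], fields["severity"] = pri >> 3, pri & 7
    return fields

def classify(line):
    """Return the reporting priority of a su/sudo event, or None otherwise."""
    fields = parse(line)
    outcome = re.search(r"\b(success|failed)\b", fields["msg"])
    if outcome is None:
        return None
    return PRIORITY.get((fields["app"], outcome.group(1)))

def highest_priority(events):
    """Return the label of the event with the highest reporting priority."""
    ranked = {k: RANK.get(classify(v), -1) for k, v in events.items()}
    return max(ranked, key=ranked.get)
```

The APP-NAME field (the fifth token) is what separates the options: A and B are `sudo` successes, C is a `su` success, and D is a `su` failure.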

Comments

Laudy
Highly Voted 2 years, 9 months ago
B is non-reportable. C is the correct answer
upvoted 12 times
cyberseckid
2 years, 9 months ago
I agree
upvoted 1 times
ThisGuyStillLearning
2 years, 8 months ago
Pls help, how do you read the syslog?
upvoted 1 times
R00ted
2 years, 8 months ago
Google "su"
upvoted 4 times
...
DerekM
2 years ago
su stands for super user aka admin so doing the command 'su' would be logging in as an administrator account. Whereas 'sudo' is super user do would be doing a command with the admin credentials. sudo is non-reportable and su is a high status. Correct me if I'm wrong please.
upvoted 6 times
...
...
...
SolventCourseisSCAM
2 years, 7 months ago
how do you understand on the syslog that B is temporary elevated permissions, so it is non-reportable?
upvoted 1 times
cbrow
1 year, 7 months ago
The only way of knowing is the differences between the 'su' and 'sudo' commands.
upvoted 1 times
...
...
th3man
2 years, 7 months ago
su provides temp access (non-reportable), but you chose C, and stated B is non-reportable (uses sudo). ???
upvoted 1 times
cbrow
1 year, 7 months ago
Su allows users to switch to the root account and perform administrative tasks, while sudo allows users to execute specific commands with elevated privileges
upvoted 2 times
...
...
2Fish
2 years, 3 months ago
Agree. This is C, this is a successful login from su.
upvoted 1 times
...
...
anhod1578
Most Recent 1 year, 3 months ago
Selected Answer: D
The provided line "su vi syslog.conf failed" indicates an unsuccessful attempt to gain elevated privileges and edit the system log file on a server named "financeserver" by a user named "joe". This event suggests a potential security concern, as a regular user attempted to gain administrator privileges and modify a critical system file. It's important to investigate this event further to understand the context and potential motivations behind the attempt.
upvoted 1 times
...
Gwatto
1 year, 7 months ago
Selected Answer: C
Answer has to be C. "SU" meaning switch user to the root account which is a successful logon with admin privilege.
upvoted 1 times
...
Leonidasss
2 years, 2 months ago
Selected Answer: C
su switches permanently
upvoted 3 times
...
AaronS1990
2 years, 4 months ago
Selected Answer: C
Sudo is the command for elevated admin privileges and C doesn't have this command and was successful.
upvoted 1 times
...
TKW36
2 years, 5 months ago
Selected Answer: C
The event that is the highest reporting priority is C. According to the organization's reporting priorities, a successful administrator login is a high priority, and a failed administrator login is a medium priority. In this log message, the user is attempting to log in to the administrator account using the "su" command, which suggests that the user is attempting to gain elevated privileges. Therefore, this event is a failed administrator login, which is a medium reporting priority. In comparison, the other log messages in the choices provided involve the use of the "sudo" command, which indicates that the user is attempting to temporarily escalate permissions rather than logging in to the administrator account. As such, these events would not be considered administrator login events and would not be considered high or medium reporting priorities. Instead, they would be considered temporary elevated permissions events, which have a low or non-reportable reporting priority according to the organization's reporting priorities.
upvoted 3 times
...
White_T_10
2 years, 6 months ago
This is a tricky question. However, the main difference between the two is that su requires the password of the target account, while sudo requires the password of the current user. So, I would go with C.
upvoted 3 times
...
Ouma
2 years, 8 months ago
Selected Answer: C
Definitely C
upvoted 1 times
...
cfrazzy
2 years, 8 months ago
Selected Answer: C
C indicates root access and using root privileges
upvoted 1 times
...