Exam SY0-501 topic 1 question 154 discussion

Actual exam question from CompTIA's SY0-501
Question #: 154
Topic #: 1

A security analyst reviews the following output:

The analyst loads the hash into the SIEM to discover if this hash is seen in other parts of the network. After inspecting a large number of files, the security analyst reports the following:

Which of the following is the MOST likely cause of the hash being found in other areas?

  • A. Jan Smith is an insider threat
  • B. There are MD5 hash collisions
  • C. The file is encrypted
  • D. Shadow copies are present
Suggested Answer: B

Comments

Jovo
Highly Voted 5 years, 4 months ago
Answer B is Correct. Shadow copies are used for backup that might be needed for File Restore, but from the question here diff files (Xls, doc, pdf) have the same Hash value: this concept is Called Hash Collision
upvoted 11 times
squareskittles
4 years, 11 months ago
I ruled out B based on the probability that 3 files **of the same name** all happened to have the **same** hash is impossibly low. Better chance of Jan being an insider threat...
upvoted 11 times
Huh
4 years, 4 months ago
I don't get what you're saying here skittles, 3 files that are exactly the same would have the same hash if they're the same. Also the file name doesn't matter, the data that's in the file is what matters. You can try it yourself real easy. Download 7zip, create 2 notepad docs, type "I Love Pie", save and hash it by right clicking it and selecting sha-1 or 256 and you have the same hash. But if you use an rtf file for instance and type "I Love Pie" you'll get a different hash because it's a different file type. So yeah it's B, a collision.
upvoted 1 times
Dedutch
4 years, 2 months ago
I mean, it's B because everything in the question is talking about file hashes. But in reality the odds of 3 files having a MD5 hash collision are astronomically low. The odds of Jane being incompetent and accidentally doing something stupid are probably 50/50 based on my experience with end users. So yes, it's B because it's a test. But in reality it's got to be Jane. Every user is an insider threat imo ;)... especially myself. I've inadvertently caused outages several times in my career.
upvoted 3 times
upgrayedd
Highly Voted 5 years, 1 month ago
I guess B is correct. The odds of MD5 creating the same hash for 3 different files has got to be astronomical though, no?
upvoted 6 times
ClintBeavers
5 years ago
Exactly, even with MD5, the chances of 3 files having the same hash is so astronomically high that it is practically impossible. Maybe 1 in 100 trillion? CompTIA should be better than this.
upvoted 1 times
study_Somuch
4 years, 12 months ago
MD5 - Wikipedia en.wikipedia.org › wiki › MD5 Jump to Collision vulnerabilities - One basic requirement of any cryptographic hash function is that it should be computationally infeasible to find two distinct messages that hash to the same value. MD5 fails this requirement catastrophically; such collisions can be found in seconds on an ordinary home computer.
upvoted 1 times
Dedutch
4 years, 2 months ago
Yes, it fails FOR hashing passwords or such where someone would brute force it... For hashing files for integrity it's fine. Creating 3 different files with the same hash... the odds of a collision are 1.47*10^29 (quick google, I didn't do the math).
upvoted 1 times
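An added example, not part of any comment above: a defender's triage for the situation the two threads argue over, where one MD5 value turns up under several file names. It separates identical content under different names from a genuine collision by cross-checking with SHA-256, and estimates how likely an accidental MD5 collision is. The file names, contents, the `tiny_hash` helper and the SHA-256 cross-check are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def triage(files, weak=md5_hex):
    """Group (name, content) pairs by the weak digest, then classify every
    group holding more than one file using SHA-256 as the cross-check."""
    groups = defaultdict(list)
    for name, data in files:
        groups[weak(data)].append((name, data))
    report = {}
    for digest, members in groups.items():
        if len(members) < 2:
            continue  # digest seen once: nothing to explain
        strong = {hashlib.sha256(d).hexdigest() for _, d in members}
        # One SHA-256 value: same bytes under different names.
        # Several SHA-256 values: different bytes, same weak digest.
        verdict = "identical content" if len(strong) == 1 else "collision"
        report[digest] = (verdict, sorted(n for n, _ in members))
    return report


def accidental_collision_probability(n_files: int, bits: int = 128) -> float:
    """Birthday approximation: n(n-1)/2 pairs, each matching with chance 2^-bits."""
    return n_files * (n_files - 1) / 2 / 2 ** bits


def tiny_hash(data: bytes) -> str:
    """Hypothetical 8-bit digest (first MD5 byte), used only to force a collision."""
    return md5_hex(data)[:2]


# Constructed sample: the same bytes saved under three names and extensions.
SAMPLE = [
    ("report.xls", b"I Love Pie"),
    ("notes.doc", b"I Love Pie"),
    ("scan.pdf", b"I Love Pie"),
    ("other.txt", b"something else"),
]

if __name__ == "__main__":
    for digest, (verdict, names) in triage(SAMPLE).items():
        print(digest, verdict, names)
    print("P(accidental MD5 collision among 1e6 files) ~",
          accidental_collision_probability(10**6))
```

Passing `weak=tiny_hash` exercises the collision branch without needing a crafted MD5 collision pair.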
aosroyal
Most Recent 4 years, 3 months ago
another really dumb question imo. not testing my security knowledge
upvoted 1 times
who__cares123456789___
4 years, 5 months ago
Collision....move on
upvoted 2 times
dinosan
4 years, 10 months ago
B. is correct! The Hash and the file name have nothing to do with one another. For example once you have a hash of a password you can use a different password name as long as the hashes match, and that is called hash collision.
upvoted 2 times
MagicianRecon
4 years, 11 months ago
I believe shadow copies would have the same name and same file extensions which obviously is not true here.
upvoted 1 times
Gerarigneel
5 years, 4 months ago
The right answer is B cause SIEM had to find just one match and it found 3 instead which means MD5 generated the same hash value for different files.
upvoted 4 times
stoda
5 years, 4 months ago
Shadow copies would have the same name
upvoted 1 times
GMO
5 years, 4 months ago
B: A Hash Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result. Because hash functions have infinite input length and a predefined output length, there is inevitably going to be the possibility of two different inputs that produce the same output hash.
upvoted 4 times
Lains2019
5 years, 6 months ago
I think D Shadow copies?
upvoted 2 times
momunah
5 years, 6 months ago
I agree with you, I think the answer is D too. Here is what I found: https://www.howtogeek.com/129188/htg-explains-what-are-shadow-copies-and-how-can-i-use-them-to-copy-or-backup-locked-files/
upvoted 2 times
Jasonbelt
4 years, 10 months ago
Hash Collisions happen when the Hash is used more than once. This would be the case. Shadow copies is a windows thing, these files all have different names, so they wouldn't be copies.
upvoted 6 times