{"id":103,"date":"2022-11-25T17:23:39","date_gmt":"2022-11-25T17:23:39","guid":{"rendered":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/comptia-cysacs0-002-question097\/"},"modified":"2022-11-25T17:23:39","modified_gmt":"2022-11-25T17:23:39","slug":"comptia-cysacs0-002-question097","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/comptia-cysacs0-002-question097\/","title":{"rendered":"CompTIA CySA+CS0-002 &#8211; Question097"},"content":{"rendered":"<div class=\"question\">A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.<br \/>\nSuspecting the system may be compromised, the analyst runs the following commands:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full\" src=\"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-content\/uploads\/exam\/img_123_0058.jpg\" \/><br \/>\nBased on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?<br \/><strong><br \/>A.<\/strong> Run crontab -r; rm -rf \/tmp\/.t to remove and disable the malware on the system.<br \/><strong>B.<\/strong> Examine the server logs for further indicators of compromise of a web application.<br \/><strong>C.<\/strong> Run kill -9 1325 to bring the load average down so the server is usable again.<br \/><strong>D.<\/strong> Perform a binary analysis on the \/tmp\/.t\/t file, as it is likely to be a rogue SSHD server.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>B<\/strong><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands: Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?A. Run crontab -r; rm -rf \/tmp\/.t [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,100],"class_list":["post-103","post","type-post","status-publish","format-standard","hentry","category-comptia-cysacs0-002","tag-comptia-cysacs0-002","tag-question-097"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/posts\/103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/comments?post=103"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/posts\/103\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/media?parent=103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/categories?post=103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/c\/CySA+CS0-002\/wp-json\/wp\/v2\/tags?post=103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}