Exam CS0-003 Topic 3 Question 292 Discussion
Actual exam question for CompTIA's CS0-003 exam
Question #: 292
Topic #: 3
Question #: 292
Topic #: 3
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:

Which of the following commands should the administrator run next to further analyze the compromised system?

Which of the following commands should the administrator run next to further analyze the compromised system?
Suggested Answer: C Vote an answer
/bin/ls -1 /proc/1301/exe is the command that will show the absolute path to the executed binary file associated with the process ID 1301, which is ./usr/sbin/sshd. This information can help the security analyst determine if the binary is an official version and has not been modified, which could be an indicator of a compromise. /proc/1301/exe is a special symbolic link that points to the executable file that was used to start the process 1301 .
by Zenobia at May 23, 2024, 12:36 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).