Exam CS0-003 Topic 3 Question 292 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 292
Topic #: 3
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:

Which of the following commands should the administrator run next to further analyze the compromised system?

Suggested Answer: C Vote an answer

/bin/ls -1 /proc/1301/exe is the command that will show the absolute path to the executed binary file associated with the process ID 1301, which is ./usr/sbin/sshd. This information can help the security analyst determine if the binary is an official version and has not been modified, which could be an indicator of a compromise. /proc/1301/exe is a special symbolic link that points to the executable file that was used to start the process 1301 .

by Zenobia at May 23, 2024, 12:36 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10