CompTIA
CAS-003 · Question #458
CAS-003 Question #458: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-003 to reveal the answer and full explanation for question #458. The question stem and answer options stay visible for context.
Enterprise Security Operations
Question
While investigating suspicious activity on a server, a security administrator runs the following report: In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)
Options
- AAn attacker compromised the server and may have used a collision hash in the MD5 algorithm
- BAn attacker compromised the server and may have also compromised the file integrity
- CAn attacker compromised the server and may have installed a rootkit to always generate valid
- DAn attacker compromised the server and may have used MD5 collision hashes to generate valid
- EAn attacker compromised the server and may have used SELinux mandatory access controls to
Unlock CAS-003 to see the answer
You've previewed enough free CAS-003 questions. Unlock CAS-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#rootkit#file integrity monitoring#MD5 collision#forensic analysis