CAS-005 · Question #162
CAS-005 Question #162: Real Exam Question with Answer & Explanation
The correct answer is A: The administrator's account credentials were intercepted and reused.. The log shows the backup-admin performing network access followed shortly by the SYSTEM user deleting mailbox data, indicating possible misuse of the administrator’s credentials or session. This suggests the administrator’s credentials were likely intercepted and reused, leading
Question
While investigating an email server that crashed, an analyst reviews the following log files: Which of the following is most likely the root cause?
Options
- AThe administrator's account credentials were intercepted and reused.
- BThe backup process did not complete and caused cascading failure.
- CA hardware failure in the storage array caused the mailboxes to be inaccessible.
- DA user with low privileges was able to escalate and erase all mailboxes.
Explanation
The log shows the backup-admin performing network access followed shortly by the SYSTEM user deleting mailbox data, indicating possible misuse of the administrator’s credentials or session. This suggests the administrator’s credentials were likely intercepted and reused, leading to unauthorized deletion and the server crash.
Community Discussion
No community discussion yet for this question.