No Result
View All Result
IT Quesion Library
Contribute
No Result
View All Result
No Result
View All Result

SIMULATION – You are about to enter the virtual environment. Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item. Click Next to continue. Question and Instructions – DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring. 1. Disabling ssh 2. Disabling systemd…

QuestionsCategory: CAS-004SIMULATION – You are about to enter the virtual environment. Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item. Click Next to continue. Question and Instructions – DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring. 1. Disabling ssh 2. Disabling systemd…
0 Vote Up Vote Down
Admin Staff asked 6 months ago 
SIMULATION -
You are about to enter the virtual environment.
Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.
Click Next to continue.
 Image
Question and Instructions -
DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.
1. Disabling ssh
2. Disabling systemd
3. Altering the network adapter 172.162.0.0
4. Changing the password in the lab admin account
Once you have completed the item in the virtual environment. you will NOT be allowed to return to this item.
TEST QUESTION -
This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.
Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.
Examples of commands to use:
kill, killall
lsof
man, --help (use for assistance)
netstat (useful flags: a, n, g, u)
ps (useful flag: a)
systemctl (to control systemd)
Please note: the list of commands shown above is not exhaustive. All native commands are available.
INSTRUSTIONS -
Using the following credentials:
Username: labXXXadmin -
Password: XXXyyYzz!
Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:
1. End the compromised process that is using a malicious TCP service.
2. Remove the malicious persistence agent by disabling the service's ability to start on boot.
















 

Suggested Answer: See explanation below.



Find the malicious service and use ג€Killallג€ switch command to end the process.

This question is in CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.

Next Post

AZ-104 Practice Test Free

Related Questions

Recommended

No Result
View All Result

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In