Question 18 of 160 from exam CS0-002: CompTIA CySA+

Question

A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.

Suspecting the system may be compromised, the analyst runs the following commands:

[root@www18 /tmp]# uptime
19:23:35 up 2:33, 1 user, load average: 87.22, 79.69, 72.17
[root@www18 /tmp]# crontab -l
ee 2 RUS / bop /et le
[root@www18 /tmp]# ps ax | grep tmp
1325 ? Ss 0:00 /tmp/.t/t
[root@www18 /tmp]# netstat -anlp
tcp 0 0 0.0.0.0:22 172.168.0.0:* ESTABLISHED 1204/sshd
tcp 0 0 127.0.0.1:631 0.0.0. LISTEN 1214/cupsd
tcp 0 0 0.0.0.0:443 0.0.0. LISTEN 1267/httpd

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

Answers

Explanations

A. B. C. D.

B.