A security auditor finds that certain accounts, intended to have standard user permissions, are executing commands that typically require admin rights. Further investigation reveals these accounts have been added to a group with elevated privileges. Which situation does this observation most accurately reflect?
Service disruption caused by frequent account lockouts
Unauthorized access from unchanged default account passwords
Data exposure from compromised encryption protocols
Privilege escalation due to unauthorized changes in group memberships
This scenario suggests a case of privilege escalation, a situation where user accounts have been granted more access rights than intended, allowing them to execute commands beyond their original permissions. Here, the service accounts, which should have standard privileges, were found to be part of a privileged group, granting them higher access rights typical of system administrators. This specific detail of 'group membership change' distinguishes the issue as privilege escalation rather than other scenarios like default password changes, account lockouts, or compromised encryption keys which relate to different types of security issues.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is privilege escalation?
Open an interactive chat with Bash
What are service accounts and their typical usage?
Open an interactive chat with Bash
What are the risks of unauthorized changes in group memberships?