During a forensic review of a compromised CentOS web server, the incident-response team extracts several artifacts that could be shared as threat intelligence. Which item is the most appropriate high-fidelity host-based indicator of compromise that other organizations can safely use to detect the same malware on their own Linux systems?
The server's public IPv4 address during the attack
The process ID the malware used while it was running
The timestamp of the first failed SSH login in /var/log/secure
The SHA-256 hash of the malicious ELF binary found in /usr/local/bin
File-hash values (MD5, SHA-1, SHA-256, etc.) are considered high-confidence host-based IoCs because a cryptographic hash identifies a specific file by its contents, so the same file produces the same hash on every host. Sharing the SHA-256 hash of the backdoor executable lets security tools on other machines search for an exact match, even if the malware is renamed or placed in a different directory. A process ID, an external IP address, and a single timestamp are environment-specific and volatile, and therefore unreliable as portable IoCs.
CompTIA Linux+ XK0-006 (V8)
Security