During a forensic review of a compromised CentOS web server, the incident-response team extracts several artifacts that could be shared as threat intelligence. Which item is the most appropriate high-fidelity host-based indicator of compromise that other organizations can safely use to detect the same malware on their own Linux systems?
The timestamp of the first failed SSH login in /var/log/secure
The server's public IPv4 address during the attack
The SHA-256 hash of the malicious ELF binary found in /usr/local/bin
The process ID the malware used while it was running
File-hash values (MD5, SHA-1, SHA-256, etc.) are considered high-confidence host-based IoCs because a cryptographic hash uniquely identifies a specific file across every host. Sharing the SHA-256 hash of the backdoor executable lets security tools on other machines search for an exact match, even if the malware is renamed or placed in a different directory. A process ID, an external IP address, and a single timestamp are all environment-specific and volatile, and therefore unreliable as portable IoCs.
CompTIA Linux+ XK0-006 (V8)
Security