CompTIA CASP+ (CAS-004) — Question 14

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Answer options

• A. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
• B. Perform ASIC password cracking on the host.
• C. Read the /etc/passwd file to extract the usernames.
• D. Initiate unquoted service path exploits.
• E. Use the UNION operator to extract the database schema.

Correct answer: A

Explanation

The correct answer, A, is a valid method to elevate privileges by using sudo in combination with an escape string to spawn a shell. Options B, C, D, and E do not directly facilitate privilege escalation; instead, they focus on other tactics such as password cracking, reading user data, exploiting service paths, or database queries.