CompTIA CySA+ (CS0-001) — Question 157

A business recently installed a kiosk that is running on a hardened operating system as a restricted user. The kiosk user application is the only application that is allowed to run. A security analyst gets a report that pricing data is being modified on the server, and management wants to know how this is happening. After reviewing the logs, the analyst discovers the root account from the kiosk is accessing the files. After validating the permissions on the server, the analyst confirms the permissions from the kiosk do not allow to write to the server data.
Which of the following is the MOST likely reason for the pricing data modifications on the server?

Answer options

• A. Data on the server is not encrypted, allowing users to change the pricing data.
• B. The kiosk user account has execute permissions on the server data files.
• C. Customers are logging off the kiosk and guessing the root account password.
• D. Customers are escaping the application shell and gaining root-level access.

Correct answer: D

Explanation

The most probable cause for the pricing data changes is that users are escaping the application shell and gaining root-level access, as indicated by option D. The other options do not align with the kiosk's security setup, as data should not be modifiable without proper permissions, nor does it suggest any actual vulnerabilities that would allow the kiosk user account to alter server data.