CompTIA Security+ (SY0-501) — Question 375

After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in / tmp.
Which of the following vulnerabilities has MOST likely been exploited?

Answer options

• A. Privilege escalation
• B. Resource exhaustion
• C. Memory leak
• D. Pointer dereference

Correct answer: A

Explanation

The correct answer is A, Privilege escalation, as the rewriting of the /etc/shadow file suggests that an attacker may have gained higher-level access than intended. The other options, such as Resource exhaustion, Memory leak, and Pointer dereference, do not directly correlate with the unauthorized modification of sensitive files like /etc/shadow.