WyzGuys Tech Talk

Wish I saw this before taking the exam. I had no idea this question was coming and had to skip it and I failed the exam. I had all the multiple-choice questions memorized but yet I still somehow failed. Are these lab questions worth a lot of points/

I am glad I passed the test at first attempt. The information here on this page is very useful. Please double check all the answers on other websites because many of them are answered incorrectly. I got the Linux Sim and I found using the command netstat -nltp is better than netstat -nalp because it easily shows the TCP connections so you can find the malicious one. Good Luck to everyone! Now next is CISSP!

I took the CASP last Thursday at home. The at home testing went well, no horror stories here like I’ve heard with others. Unfortunately, I did fail my first attempt.

Here’s where I think I went wrong. First, I took the exam Thursday evening after a full days work. I was burnt out by this time and really just didn’t want to sit for it. The next thing, I read Mark Birch’s book twice and did the practice test once. I ended with 21 sections called out in the exam results.

Going forward, I’ve been hitting all the sections I failed in Jason Dion’s video course and purchased his practice exams. I also plan to retake Marks practice exam seeing how similar some of the questions were.

I felt I was close on the Linux SIM last time but couldn’t find the TCP process. I did find, stop, and disable the rogue process. After reviewing I feel I have the necessary commands to find and kill the TCP process and will delete the rogue service next time.

For the cloud based question it looks like I should go with BGP next time as I think I just guessed initially.

I plan to retake in the next week after I’m done reviewing, I’ll report back!

Well I passed today on the second attempt!

I finished up with 17 sections marked in the review. I felt confident in my Linux solution. I didn’t delete any anything, I just followed the instructions as written. Find and end the TCP connection. Find the bad.service and disable it on boot. When using netstat -nalp make sure to look for the TCP connection as you might see TCP and UDP. Also, I ran netstat as sudo so it would give me the PID. I rebooted the server after and verified the connections didn’t come back up.

Jason Dion’s course on Udemy and his practice exams we’re absolutely fantastic. Also, thank you to everyone on here. There is a ton of valuable information. On to the CISSP!

The virtual simulation carries plenty of weight and this site is a great source of info, just passed the CASP+ yesterday. PLEASE install a virtual Linux machine or OS and learn the command line and be fluent. When testing most of the time every thought disappears even is the answer is known to you. “If one is in security then all is well”

Thank you to all of the contributions here. I passed the CASP today on my first attempt. As for the Linux sim, I personally started out with using the locate command and searched for some key words. Not the way you should go about this in the real world if you’re hunting for malware but this worked for the exam. One of the key words I used pointed me in the right direction and I was able to cat the contents of the file which gave me a hint as to what process and connection I needed to kill. Pretty much reverse engineered the question. Confirmed the connection with netstat, confirmed process with ps aux. Finally killed the process, deleted the files, killed the connection, and then did a reboot to confirm the malicious artifacts were indeed gone ( not in that order).

I don’t think it’s ever advised to just “kill -9”. This stops the process but the linked processes. If you capture all of the process IDs then you can “kill -9” all of them in a list. I usually do this with a:
kill -9 `cat`
(pasted list of pids)

Is there any tips for second PBQ?

Thought I’d add my 2 cents as reading this forum did help me some. I took my first CAS 004 in early Dec 2022. and passed. I had previously failed the CAS 003 two years ago on one try.

I too had the drag and drop PBQ as the first item. I didn’t think it was that challenging and did remember to click Directory Services box for the additional drop down question. (there’s a red ball icon on it after making drag and drops) I am not 100% sure I got it all right).

For the SIM question I had trouble. I had read this forum and basically memorized ‘Tester’ and ‘James Beanbag’ posts from above… I did also do a quick brush up on the relevant Linux commands. Still I blew the question because I used netstat -nalp, or -natp (which gives the PID, making the lsof -i :port# unnecessary I think) , and more flags and did not realize it was listing processes, not services… when I searched for the names of the processes or just anything like I spent a lot of time on this because I thought I’d get it eventually. I didn’t know how to list Services at the time and we are tasked to find services. There was one process listed that ended its name with the word ‘resolve’ so I figured I’d try to stop and disable that one. But upon trying Kill -9 with its PID it responded by saying it’s not a service. I did see a total of 5 or 6 processes total. Some were obviously related to the services the instructions said NOT to disable or stop. So ultimately I simply ran the kill -9 for the remaining processes (two) and moved on. As I understand it Likk -9 does bot the stopping and disabling and that is what is asked, so that is how I left it and moved on. I am pretty sure I bobed the sim but maybe got some credit for running some commands, not sure.

The remaining questions were all multiple choice which I had had studied for overall. Bu the end I felt confident in most of my multiple choice responses except for maybe 10 of them.

Having read in this forum that the SIM likely weighs heavy in scoring, by the end of finishing the exam I felt like I had blown it. I was shocked to see that I had passed.

Interestingly enough I talked with a co-worker who also had very recently passed his CASP in one shot I believe… he said he had no clue regarding the SIM and he basically just skipped it…and passed! He felt the drag and drop was PBQ was easy.

Leads me to believe that al is not lost if one doesn’t do well with the SIM. But if you know how to list services and processes, and use the kill -9 with the correct PID, it should be straight forward

I passed my test this week and I want to thank you for mentioning Virtual Box. I had not heard of that site/software and it was exactly what I was looking for. Your mention of that & that Ubuntu provided machines ready for use in VBox really gave me the opportunity to practice and understand what I was doing in the environment.

Yesterday was my third attempt at the CASP+ 004 exam. Failed again. My first two attempts were pretty much the same test (and I struggled with the Forensic Sim). This third one was different. I’m very confident I did well on the Forensic Sim this time (thanks to this blog and everyone’s helpful comments). The PBQs were different though and several of the MC questions. This time I had to review code snippets, figure out what they were doing and how to mitigate; not so confident about this one but the other was to harden the server which I think I did well on. Guess I’ll study code snippets some more and try again….hopefully the test won’t change again if I’m able to retake it in a couple weeks….

Just wanted to say I passed my test yesterday and similar to Taylorbuckeye had the code snippet question as my second PBQ and lots of new multiple choice questions I didn’t see in any practice exam. I think they might have rolled out a new version of the test for the new year. But the Linux sim I aced thanks to this blog post suggesting practicing on a VM and the comments from everyone.

I did run out of time at the end, got to the final question with about 1min to spare and had to quickly go back to the 2 unanswered questions I had skipped (one was the code snippet), only was able to answer the code snippet PBQ before time ran out. But still passed!

Thanks Bob!

I am getting ready to take the exam next week (remote). I have been using the Certmaster from CompTIA and Jason Dion’s course and practice exams. I’ve passed Security + and CySa+ in years past. First time I took the practice exams I was scoring about 70% for CASP. I am studying the areas I am having trouble with the most and obviously focusing on the material I got wrong. Any indication of roughly what percentage we need to be at to pass the exam? Any other tips besides the ones in this thread? This has been most helpful for knowing what to study.

Just wanted to give an update here. I took the exam this morning. I still have not received an email, but I logged into my CompTIA account and what do you know? I Passed! I could not believe my eyes. From the looks of it I think I scored an 84%. I ended this exam knowing it was the toughest one I have even taken. I full expected to fail this exam after I pressed submit.

Most of the questions on the exam I have never seen before. By far the toughest one was the Linux sim. I spent about 40 minutes on this part. At one point I didn’t think I would find the problem, but I kept digging and digging and I found the problems.

Thanks to all the helpful tips! If you are going to take this exam, DEFINITELY practice the Linux portion!

I have actually not taken the CISSP yet. I was thinking about taking that exam at the end of the year. But I can say with certainty that the CASP is no joke. You really have to read the questions and think critically about the answer. I’ve been working in security for the past 4 years and as a sysadmin for the past 7 years prior. I worked in a primarily Linux shop and I think that helped a lot for me on the Linux sim.

I definitely learned quite a bit throughout the studying process for this exam. Just remember while taking the exam to carefully and methodically read each question. The wording is something you need to get used to, so I highly recommend the CertMaster.

When using sudo for the sim, are we prompted with a password to enter it? If so, what’s the PW? I failed my first exam and just blew by this due to being lame with Linux. So, having researched the heck out of this, I am about ready for the second try. Been a Windows/VMware guy most of my career and only know what I need to know because of ESXi. Plus, I always research online for scripting and all. This blasted exam is forcing me to know Linux stuff more than I ever wanted.

OK, Thanks. The scenario gives Username of labXXXadmin with the password of XXXyyYzz! so I assume that would suffice fo sudo. Correct? I’ve been IT for over 40 years and still want to work. I really love this job but could retire if I wanted to.

Bob,

Im about to take my CASP+ 04 on friday. I think im prepared… I trying to fumble through some labs form certmaster but im kind of confused at places. Will it be straight forward in the exam?

So I took the test last night. Failed(my first time). Thought I did well, knew most of the questions. I didn’t skip anything on purpose or on accident. I got two pbqs right off the bat I was not prepared for. Code snippets and another one I wish I could remember right now. I’ll have to look it up and find it.
But, as a test taker I felt confident. Then, when I looked it up, I saw the dreaded fail.
I’m going to keep studying and take it again at the end of the month.

The keyboard setting for lab is US and I found it difficult to type | from UK keyboard. Any idea which key to use to type | on command?

Can we change the keyboard setting? I doubt it..

Thanks to this site and another discussion forum I passed my CASP yesterday. The discussion above with the test taker was beneficial on my exam. I had taken this exam 2 times previously and failed miserably. Yesterday I had some real confidence and passed.
Look folks, I studied hard for this test. You have to review questions from dumps and find the best answers. I installed Ubuntu and not only became familiar with some of the commands to use but also became comfortable with services and the contents of the directories within Linux. Why not?!? I couldn’t hurt! Thanks again for this site and the discussions & comments from all above. Very helpful to this guy!!

I took the exam today and I passed at the second attempt. Comments from “Mike February 16, 2023” really helped. My suggestion for anyone taking the exam soon is to familiarize themselves with Ubuntu bash commands. Also, get the CompTIA CASP+ Certification Guide book from Mark Birch. The book dumbed down the whole course.

Passed the exam yesterday. What a relief. When I failed the first time, I passed on the Sim since I was clueless. I studied the heck out of Linux commands and all and that clearly helped me pass. Interestingly enough, when I closed out the Sim the first time, it caused me to get assistance as it froze the system I was working on. The monitor had to come in and allow me to continue. It happened again yesterday, freezing the system when I rebooted the VM to make sure the malicious service didn’t come back. This monitor had to call for tech support. She got me back into the VM and I could validate the service was no longer there. So, thanks for this blog as it certainly helped me get through this. At 66 years old, I think I’m done with any more certs. VMware pisses me off with their stupid cert changes. I have been certified since v3.x back in 2009 and passed every update to v6.5. They just want more money to move to any further updates.

Took the CAS-004 today. I had 2 PBQs: the drag and drop covered here, and a code security one. The linux simulation was still there.

Passed today…

82 questions and 3 PBQs. The PBQs were the one that you have to drag and drop the directory server, scada master and VPN concentrator (There is an additional option for the VPN concentrator on site B but I choose something about the SCADA controller), this linux simulation and the old code snippet sim from CAS003 that you can find here https://www.examtopics.com/discussions/comptia/view/62960-exam-cas-003-topic-1-question-480-discussion/

I got the linux simulation but I have to say that sudo netstat -nltp which is the must recommended command in this section didn’t help me.

I had to use sudo netstat -tulpen and it showed a service running on port 3991 but I was not able to know its name just the pid however the process in my case seems to be running at least 3 different pids. The sudo lsof -i : command didn’t show anything to me and sudo systemctl –type=service | grep is useless in case that you don’t know the entire name of the service.

I knew that I had to check the /etc/systemd/system directory for sure so I did the following:

1) sudo netstat -tulpen (saw the service running several pids but one was running on port 3991 and used for SYN_SENT.

2) cd /etc/systemd/system (went to the /etc/systemd/system directory)

3) ls -la (to list all the files and if you know what ubuntu have in this directory you will see the obvious answer here. There is a malicious.service file (LOL) there is no way a hacker would name his file like that… anyway thank you comptia. You made it easy!.

4) cat malicious.service (to see the content of the file… you will see that it runs several sh*t).

5) sudo systemctl stop malicious.service (to stop the service)

6) sudo systemctl disable malicious.service (to disable the malicious service at start up).

7) Now ran sudo netstat -tulpen again and saw that the service on port 39991 that was sending SYN_SENT (clearly used for DDOS) was not running anymore but to be sure I had to delete it and reboot so I did the following.

8) sudo rm malicious.service (To delete the file)

9) reboot -n (restarted the server… be aware that the simulation is slow and the restart took about 3 minutes).

10) Login again, open terminal and ran netstat -tulpen and saw that the service was gone. Went to /etc/systemd/system and the malicious.service file was not there anymore.

11) There was not any “submit” or “done” button for this simulation you just click “next” and hope for the best but I’m pretty sure that I got it right.

Hope this helps anyone else. Good Luck!

Passed on my first attempt three days ago……. somehow. Even after accidentally skipping the notorious Linux simulation question.

My two PBQs were the vulnerable code snippet one from CAS-003 (https://www.examtopics.com/discussions/comptia/view/62960-exam-cas-003-topic-1-question-480-discussion/), and and the nmap scan interpretation question, also from CAS-003 (https://www.examtopics.com/discussions/comptia/view/52461-exam-cas-003-topic-1-question-370-discussion/). I was fully prepared for the code snippet one, but the scan interpretation one took me by surprise. The answers in the discussions on ExamTopics are pretty similar to what I chose, so just familiarize yourself with those and understand *why* those are the correct answers, and you should be fine.

But man, words cannot convey how close I was to walking out when I accidentally skipped that Linux sim. It came up at around question 30 out of 78. It gives you three pages of warnings, the general message of “you are about to enter the virtual environment, you cannot come back to this question” repeated several times, and you have to click “Next” to proceed through those pages. And then you get to the page with the actual simulated environment; there will be your shell in the background, and the pop-out box with instructions on how to complete the question on the right. Once you get here, ***DO. NOT. CLICK. NEXT.*** Like an idiot, I assumed that the instructions box would go away when you click “Next” again, and the actual question will begin. No. It will instead close the entire question; no warning, no confirmation, no “are you SURE you want to do that?,” nothing. It will just move you to the next multiple choice question and you will not be able to go back. Again, ***DO NOT CLICK NEXT*** when you get to the sim and you see that instructions box. Use the minimize button at the top to close it instead. I was unbelievably frustrated when it happened, almost to the point of walking out because I thought it was a guaranteed fail.

I ended up just skimming and taking my first gut-reaction guess at the remaining multiple choice questions, and I was flabbergasted to see that “Pass” on the printout after the test.

The study material I used was the Dion Training practice tests on Udemy, and the test questions and discussions on ExamTopics.com (https://www.examtopics.com/exams/comptia/cas-004/). I would say ExamTopics is probably your single most valuable resource as about 70% of the questions I encountered on the exam could be found there. It’s well worth the $50 in my opinion because it’s almost a guaranteed pass, assuming you study those questions well, and more importantly, checking the discussions section to understand *WHY* the correct answers are correct.

For the sim, you’ll probably want to install a Kali VM, set up your own fake “malicious” service to run on boot, and get some practice with netstat, lsof, ps, systemctl, and grep commands and how you use them to find/identify/stop/disable services. You should also probably be familiar with where services are located and how they are structured. I wish I could give more insight into exactly what the question looks like but……. y’know, I fumbled that one even though I was fully prepared for it. Just do what everyone else has said about that question and you should be fine haha.

Overall I am ecstatic that I passed, but I still have some pretty sour feelings about just how insanely easy it is to accidentally outright skip the simulation. Do y’all happen to know of any kind of feedback/complaints department at CompTIA that would actually take constructive criticism? Because, if nothing else, there needs to be at least some kind of warning when you attempt to click “Next” instead of instantly skipping the question, especially after it makes you click Next through several pages before that. I don’t want anyone else making the same mistake and end up failing, because I honestly feel I just got lucky.

Thanks for sharing!

Passed the CASP+ CAS-004 exam on 18/Apr/2023.

Got 82 questions in all.

All 2 PBQ questions and 1 VM kali Linux Simulation are available in the newest version of PassLeader CAS-004 dumps with 450 Q&As (https://www.passleader.com/cas-004.html).

Good luck!

JUST PASSED CASP+!!

This page was defiently a huge help for me, considering the fact that I had 0 Linux experience lol. I got the 2 code snippets and the BC/DRP PBQs as the first two questions. Thanks to all the comments in this page, the VM simulation went smooth. I spent around 15-20 minutes on it to make sure I did everything right. As far as the multiple choice questions, I feel like they weren’t as hard/complex as I though they would be. I feel like CYSA+ was a lot more challenging than this exam. Anyways, huge thanks to everyone who contributed to this page!

I have to say a big thank you to Bob and all contributors to this thread. Reading here was a defining factor for a first time pass of the CASP+ Exam today. The guidance of what to study was tremendously helpful. I used CertMaster, Mark Birch’s Study Guide and Dion from Udemy. The training was all here and there for self study. Next is CISSP. Good luck to everyone.

Did anyone else have issues seeing the active port for the Linux Sim when running netcat or lsof? I found the malicious.service file and cat it and found the port it was using but when I was going through netcat and lsof (both using sudo or non-sudo), I did not see the 1337 port at all.

I ended up still killing the PID by getting the info from systemctl, and then stopping and disabling the service and removing the file. I also restarted and confirmed that the processes and service were gone. I failed the test I think due to not reading the multiple choice carefully but I am having doubts I dealt with the correct service, I feel like I might of been chasing a red herring and not addressing the “real” malicious.service since I didnt see 1337 in lsof or netcat.

I can’t get enough of this post! It’s like a comprehensive guide that covers all the important aspects. The step-by-step instructions and real-life examples make it easy to implement the suggestions. This site has instantly become my go-to for self-improvement
Also Check This Amazing Exam Discussion: https://www.pass4success.com/palo-alto-networks/discussions

[Bob says: This appears to be a commercial comment for Pass4Success, which is a fine resource. So I am letting the comment stand, just know that this is comment is a marketing message]

Passed after the third time. (Do not Trust the dumps on vce, or exam topics) Use CGPT to assist you with Q&A if you do use dumps. Read those acronyms!

PBQ1: The freaking Linux VM is what kept me back the first two times, and almost the third.
Echoing a reoccurring theme here that Bob has said all he can say. It is a cheap little trick that CompTIA uses to separate the wheat from the tares. Here is what I did without “violating” NDA. First off the Linux VM that hosts the Ubuntu OS has a service that is “malicious” I struggled with my test anxiety and I froze up after struggling for over 7 months on this, and could not find the PID for said malicious service to save my life. So! The instructions say “do not restart the VM” I totally restated the VM after I did the “sudo systemctl stop ” then “sudo systemctl disable The second part is now done, doing the “netstat -nalp” never helped me in the Ubuntu for what ever reason, it sucked. but what it did tell me is that the TCP connection was still open even after I stopped and disabled it. so I rebooted the vm “sudo reboot -n” after about 3~ish minutes the VM came back up, I reran the “netstat -nalp command” and the TCP service was gone!

PBQ2: Had the hosts that had about 8 requirements,
such as harden the hosts, the Database server, two switches. Write down the list of requirements on your helpless notepad they give you at the testing center and check them off as you go.

“Harden” refers to things that should be done to the hosts that are not explicitly listed in the requirements.
Look at the CPU usage on the hosts, if it is running high, then maybe there are pretend resources that are hogging up power that could be disabled…
The some hosts had been updated 7 days ago, the req was to make sure anything 8 or more, then maybe you should update that stuff.

PBQ3: The list of options are only to be dragged and dropped in site A.
VPN Concentrator is one of the correction options
Directory Service – something in the drop down that relates to BGP will solve the issue
Scada (this controls the pumps, read the comments above)

PBQ4: I also had the AAA authenticator and the VPN concentrator that wants you to use the strongest form of encryption for Public Key infrastructure (PKI), You need to stop and take a breath and read the 8 options and ask yourself, do these encryption’s have any relevance to a EAP or PKI? The option you choose will be the same for both hosts you are configuring. for the password requirements, I used the same on as the VM “Passw0rd!” to satisfy the complexity request. The Ip addresses need to point back towards each other, the ip you type in when you click the VPN concentrator, you type the ip address for the AAA server, and vice versa when you click them AAA field to click and type-in the stuff.

Very glad I found this post before taking on the test.

I took the test 3 days ago and PASSED first shot!

Linux VM: One thing I haven’t seen anyone suggest is using the “top” or “htop” command. If you’re looking for a malicious process you’ll want to find what is using up all your resources…

Otherwise to prepare for this I did the Linux Fundamentals 1,2, and 3 rooms on TryHackMe. That depth of knowledge is more than enough for the sim. I also felt like they gave good direction in the test. They basically listed commands that would get you the answer. Remember that some commands in LInux require a sudo.

PBQs: I had 4 of them. They were not so tough as long as you didn’t overcomplicate things. “What was affected/needs to be addressed” “Configure this set up” “how would you harden these endpoints”.

Multiple choice: I found that they were asking for sometimes conflicting requirements but the answers always had a BEST answer. They might not be perfect solutions but what satisfies the most business needs in the situation. I did not get any REGEX quesitons. Otherwise knowing your Linux commands, and the depth of knowledge you get from Jason Dion’s Udemy videos

I found the test to be tricky but fun. Keep. It. Simple!

After passing I wanted to make one thing clear: DO NOT TRUST THE DUMPS. The dumps are complete garbage and definitely do not work.. that being said, study configurations regarding wifi and also know your authentication (and authorization) methods. Don’t overcomplicate things and you’ll be fine.

I passed today used comptia practice test and self paced course studied that for a month along with cbt nuggest practice test . I’ve passed security+ pentest+ and cysa+ that previous knowledge will help you a lot plus I had about 3 year cyber security administration experience which helped figure out alot of questions . I skipped the Linux sim and still passed I felt I did well on the other sims and questions. There was a ton of questions about cloud infrastructure

This post is absolutely captivating! It serves as an all-encompassing guide, addressing every crucial aspect. The clear, step-by-step instructions and real-life illustrations make it a breeze to put the recommendations into practice. This website has quickly become my primary resource for self-improvement.

Additionally, don’t miss out on this incredible exam discussion: { https://www.buddy4exam.com/microsoft-exams/quiz }

Passed the CAS-004 last night first try. I’m convinced that this post was the primary aid in my success. I’m always hard on myself but I think it’s safe to say I wasn’t prepared 100% or even 80%. I bought a voucher through Dion Training and added the 2nd try voucher for a bit more thinking I would need it. I studied occasionally for 2 months with about 30minutes-1hr nightly for ~1.5 weeks. (and by study I mean listening to the training courses and doing knowledge checks). I used many practice tests from 4-5 different sources and then some (mark birch certification guide, dion training on udemy (completed 30%), pearsontestprep, quizlet flashcards). I initially was setting out to study for the CISSP
but my Security+ certification was set to expire 1/22/2024 and I learned you can auto renew by leveling up so I switched courses to the CASP+.
I got the same first PBQ question as others reported and 3 additional PBQ. Regarding the SIM, I struggled for a while and ate a lot of valuable time, even though I knew what to expect and what to do; but because I am rusty and did not practice, I was slow.
I was unable to locate the process ID to kill but was able to work backwards by finding the service in the /etc/systemd/system folder. Stopped the process and then disabled. Then deleted the file (malicious.service) in the system folder that allowed it to start with the system – THANK YOU to James Beanbag for the tip! I was unable to verify due to instructions stating to NOT reboot.
I nailed all the PBQ (I think) but think I may have missed 1 answer on one of the multipart ones. ALL but 5-10 questions in the multiple choice were new… like I didnt have any like them in all sources of practice tests except for 5-10 of them. I was convinced I failed and may have gotten a ton wrong on the multiple choice. I’m thinking the PBQs and SIM have a VERY big influence on the overall determination. I refuse to believe I am THAT good at process of elimination.
Thank you for this wonderful post and your dedication. I have already recommended this to others looking to take the exam and will continue to do so.

Dear Bob,

i just passed the CAS 004 yesterday evening – my first Comptia exam. I stumbled on your blog a few hours before my exams and I must admit I am not sure I would have passed on my first take without the insights here. I am pretty comfortable with Linux and was expecting the PBQs since it was marketed as a technical cert. I had 4 PBQs, the Drag and Drop for Directory Server, SCADA and VPN, as well as the AAA and VPN configuration. And an MDM and hardening PBQ that will eat at least 15-20 mins of the exams time, finally I had one that required NMAP knowledge and remediation. The Linux SIM was fun all thanks to the brilliant write-up of folks here. I will just go ahead to list out the steps that may work for you, in the interest of non-disclosure – I don’t recommend memorizing commands, besides malicious.service under /etc/systemd/system has been deprecated. What you are looking out for is systemd-resolved.service (can’t remember exactly).

sudo su
use Passw0rd!

netstat -tulpn or netstat -nltp (either one works fine and shows the port and PID)

lsof -i : port (not necessary unless you want to confirm the PID and the service)

kill -9 PID

systemctl status systemd-resolved,service (take note of the location, cant remember if it was under /lib/bin/ or something)

systemctl stop systemd-resolved,service

systemctl disable systemd-resolved,service

cd /lib or wherever you noted the location of the service

ls

rm -rf systemd-resolved,service

systemctl status systemd-resolved,service (to confirm)

Oh, for fun i still navigated to /etc/systemd/system and deleted the deprecated malicious.service just in case.

The questions in the exams are a bit technical, as is expected but COMPTIA tries to do too much, especially with the phrasing. Not every one is a native English speaker. But they are comparable with the CISSP questions, I might even say they may be a bit more difficult given that half of the questions I received needed me to select more than one answer from a plethora of options (in some cases 9).

For preparation I used Mark Birch’s book and the official CISSP sand CISM study guides as I already owned them, and spent 3 hours on this website yesterday before the exams – this was my most valuable resource, as it changed my managerial attitude to probelm solving I developed for my CISSP and CISM exams in the past. Would have found and rectified the linux issue but it would have taken me time I did not have, same as the other PBQs. Thank you Bob, you and the good folks here are the reason i finished with more than an hour to spare,

I have a habit of not flagging questions, because I almost never change an answer.

Going to take the test in 2 days and looking for verification regarding linux sim based off what I’ve read so far:

1. Use sudo netstat – atp (to find all TCP processes running and corresponding PID?)

2. sudo kill -9 PID (Kill the PID using)

3. use commands: ps OR top (show list of processes running and CPU/MEM usage, look for process taking up large amount of CPU/memory)

4. systemctl status (search of suspicious service? Not sure how to determine if it is malicious? How do I correlate PID with service name??)(Also take note of fiel location of service)

5. systemctl stop service

6. systemctl disable service

7. Use ls/cd to find file responsible for malicious serivce

8. use rm to remove the file

Done?

Thanks Bob. I think the only part I’m getting tripped on is regarding how to find the file location of the malicious service/process? What commands would I use to find those?

I saw someone said just ‘cat malicious.service’?
What if I do ps or top and find malicious process taking up large amounts of CPU/RAM, what command would I use to find associated file location or service?

Does PassLeader Help? or is it BS??

i pass the exam. i did not believed i did.
The sim question posted on 2022-07-13 above and the one posted 2022-07-12. there was two other one with reading nmap and another deal with VPN and AAA. Like others have posted on the day of the exam i read all things on this post and the other post deal with CASP + and it help.

Thank you and all of those that provided what they tried for those question.

There is a new PBQ.. About half of thr exam had new questions. If you depend on dumps only. You will fail trust me. This exam is for those who studied well and know what they re doing. Yes i passed. Non disclosure. Study your soars, San, Cdn and serverless computing very well. Good luck