A business recently installed a kiosk that is running on a hardened operating system as a restricted user. The kiosk user application is the only application that is allowed to run. A security analyst gets a report that pricing data is being modified on the server, and management wants to know how this is happening. After reviewing the logs, the analyst discovers the root account from the kiosk is accessing the files. After validating the permissions on the server, the analyst confirms the permissions from the kiosk do not allow to write to the server data.
Which of the following is the MOST likely reason for the pricing data modifications on the server?
A . Data on the server is not encrypted, allowing users to change the pricing data.
B . The kiosk user account has execute permissions on the server data files.
C . Customers are logging off the kiosk and guessing the root account password.
D . Customers are escaping the application shell and gaining root-level access.
Answer: D