Exam CS0-003 topic 1 question 87 discussion

Actual exam question from CompTIA's CS0-003
Question #: 87
Topic #: 1

An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement compensating controls for a period of time. The web service must be accessible from the internet via the reverse proxy and must connect to a database server. Which of the following compensating controls will help contain the adversary while meeting the other requirements? (Choose two).

  • A. Drop the tables on the database server to prevent data exfiltration.
  • B. Deploy EDR on the web server and the database server to reduce the adversary’s capabilities.
  • C. Stop the httpd service on the web server so that the adversary cannot use web exploits.
  • D. Use microsegmentation to restrict connectivity to/from the web and database servers.
  • E. Comment out the HTTP account in the /etc/passwd file of the web server.
  • F. Move the database from the database server to the web server.
Suggested Answer: BD

Comments

kmordalv
Highly Voted 1 year, 5 months ago
Selected Answer: BD
EDR solutions can help detect and respond to suspicious activities on the web server and database server. This is a reasonable compensating control to reduce the adversary's capabilities. Microsegmentation can be an effective compensating control to restrict network connectivity and contain the adversary's movement. This helps meet the requirement of containing the adversary.
upvoted 8 times
chaddman
Highly Voted 1 year, 3 months ago
Selected Answer: BD
D. Use microsegmentation to restrict connectivity to/from the web and database servers. Microsegmentation involves dividing the network into smaller, isolated segments, and it can be a highly effective way to contain an adversary's movement within the network. By restricting connectivity between the web server and the database server to only the necessary communication paths, you can limit the attacker's ability to move laterally within the network.

B. Deploy EDR on the web server and the database server to reduce the adversary’s capabilities. Endpoint Detection and Response (EDR) solutions are designed to monitor and respond to suspicious activities on endpoints (servers, workstations). By deploying EDR on both the web server and the database server, you can actively detect and respond to malicious activities, reducing the adversary's capabilities and potentially stopping their progress.
upvoted 5 times
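
The microsegmentation control from option D, modelled as a default-deny allow-list for this scenario. This is an added example, not part of the comments above or of the exam material; the IP addresses, the ports (443, 8080, 5432) and the function names are assumptions, and return traffic is assumed to be handled by a stateful firewall.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    src: str   # source CIDR
    dst: str   # destination CIDR
    port: int  # destination TCP port

# Constructed addressing for the scenario (assumption, not from the question).
PROXY, WEB, DB = "10.0.1.10/32", "10.0.2.20/32", "10.0.3.30/32"

# Only the paths the question requires stay open; everything else is denied.
ALLOW = [
    Rule("internet-to-proxy", "0.0.0.0/0", PROXY, 443),
    Rule("proxy-to-web", PROXY, WEB, 8080),
    Rule("web-to-db", WEB, DB, 5432),
]

def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and port == rule.port)

def evaluate(src: str, dst: str, port: int) -> Optional[str]:
    """Return the name of the allowing rule, or None for default deny."""
    for rule in ALLOW:
        if matches(rule, src, dst, port):
            return rule.name
    return None

def denied_flows(flows):
    """Flows that hit the default deny; candidates for alerting during the investigation."""
    return [f for f in flows if evaluate(*f) is None]

# Constructed sample flows (src, dst, dst_port).
FLOWS = [
    ("203.0.113.7", "10.0.1.10", 443),   # client -> reverse proxy
    ("10.0.1.10", "10.0.2.20", 8080),    # reverse proxy -> web server
    ("10.0.2.20", "10.0.3.30", 5432),    # web server -> database
    ("203.0.113.7", "10.0.2.20", 8080),  # internet bypassing the proxy
    ("10.0.2.20", "10.0.3.30", 22),      # web -> database on a non-DB port
    ("10.0.2.20", "10.0.4.40", 445),     # web -> unrelated internal host
    ("10.0.2.20", "198.51.100.9", 443),  # web -> internet egress
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(*flow) or "DENY")
```

The three required paths keep working while every other flow to or from the web server is dropped, and the denied flows double as a detection signal for the responders.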
deeden
Most Recent 1 year, 2 months ago
I'm skeptical towards option B. I mean, will EDR still be effective after the fact? Shouldn't it already be present prior to the compromise? Any real world scenario input please?
upvoted 1 times
Perryperry
11 months, 2 weeks ago
Option B is valid. That's what we usually do when there is an active compromise. There should already be an EDR in the first place.
upvoted 1 times
dcdc1000
1 year, 4 months ago
Agree with kmordalv Answer BD and adding this: EDR (Endpoint Detection and Response) solutions provide real-time and historical visibility into a breach, contain malware within a single host, and help facilitate remediation of the host to its original state.
upvoted 2 times