Exam SK0-005 topic 1 question 235 discussion

Actual exam question from CompTIA's SK0-005
Question #: 235
Topic #: 1

The network's IDS is giving multiple alerts that unauthorized traffic from a critical application server is being sent to a known-bad public IP address.
One of the alerts contains the following information:


Exploit Alert -
Attempted User Privilege Gain -
2/2/07-3:09:09 10.1.200.32 --> 208.206.12.9:80

This server application is part of a cluster in which two other servers are also servicing clients. The server administrator has verified the other servers are not sending out traffic to that public IP address. The IP address subnet of the application servers is 10.1.200.0/26. Which of the following should the administrator perform to ensure only authorized traffic is being sent from the application server and downtime is minimized? (Choose two.)

  • A. Disable all services on the affected application server.
  • B. Perform a vulnerability scan on all the servers within the cluster and patch accordingly.
  • C. Block access to 208.206.12.9 from all servers on the network.
  • D. Change the IP address of all the servers in the cluster to the 208.206.12.0/26 subnet.
  • E. Enable GPO to install an antivirus on all the servers and perform a weekly reboot.
  • F. Perform an antivirus scan on all servers within the cluster and reboot each server.
Suggested Answer: BC

Comments

surfuganda
8 months ago
Selected Answer: BC
B. Perform a vulnerability scan on all the servers within the cluster and patch accordingly. C. Block access to 208.206.12.9 from all servers on the network.
upvoted 1 times
RBL23168
11 months, 1 week ago
Selected Answer: BC
Provided answers are correct. Find and fix the issue: B. Perform a vulnerability scan on all the servers within the cluster and patch accordingly. Then take action for that not to be possible to occur again: C. Block access to 208.206.12.9 from all servers on the network.
upvoted 1 times