Exam CS0-001 topic 1 question 137 discussion

Actual exam question from CompTIA's CS0-001
Question #: 137
Topic #: 1

A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?

  • A. APT
  • B. DDoS
  • C. Zero day
  • D. False positive
Suggested Answer: C

Comments

d_k
4 years, 7 months ago
Zero day makes sense too, at least in my head. The analyst has not identified any other vulnerability attacks that make up TTP to identify to any APT yet. It could be APT using zero day, but so far, what is discovered is zero day to that company/org the analyst is working from.
upvoted 1 times
...
ITeaGuy
4 years, 10 months ago
Remember, zero day is the day IT Security learns of the vulnerability and begins working on a fix...
upvoted 1 times
...
Blind_Hatred
5 years, 1 month ago
Imho, it's APT. Did the analyst encounter a Zero Day exploit? Nope! Did the analyst stumble upon a Zero Day vulnerability? Nope! Did the analyst find potentially malicious activity? Yep! Therefore it's an APT. At least in my crazy mind.
upvoted 1 times
...
Shane_Bertolio
5 years, 1 month ago
APT seems right, but I'd like to know what the actual exam says. Too often, companies give their own "best" answer vs. what the real best answer is...
upvoted 2 times
...
TheThreatGuy
5 years, 1 month ago
APT. Key words here are “over the course of a month”
upvoted 3 times
Electricalcookie
5 years ago
Agree with you here, this is most likely APT. The attack may as well be happening longer than a month and have now become the 'norm' for that specific server, so the analyst did not notice any activities out of the 'ordinary'.
upvoted 1 times
...
...
s3curity1
5 years, 2 months ago
Yep, APT. Port 3333 is a known port being used by trojans/backdoors. Since over 1 TB of bandwidth has been consumed, there must be some kind of exfiltration happening in the background.
upvoted 4 times
...
battlecreekspartan
5 years, 2 months ago
Should be APT
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other