Exam SY0-501 topic 1 question 748 discussion

Actual exam question from CompTIA's SY0-501
Question #: 748
Topic #: 1

A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output:

Time: 12/25 0300
From Zone: Untrust
To Zone: DMZ
Attacker: externalip.com
Victim: 172.16.0.20
To Port: 80
Action: Alert
Severity: Critical

When examining the PCAP associated with the event, the security administrator finds the following information:

<script> alert ("Click here for important information regarding your account! http://externalip.com/account.php"); </script>
Which of the following actions should the security administrator take?

  • A. Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
  • B. Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
  • C. Implement a host-based firewall rule to block future events of this type from occurring.
  • D. Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.
Suggested Answer: B
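The alert and payload above come down to a signature question: what pattern in the PCAP is worth matching, and whether the sensor that matches it can only alert (IDS) or can also drop (the IPS function of the UTM). The script below is an added example, not part of the original page or the exam. The UTM alert and the HTTP request are constructed from the values shown in the question (the request line and Host header are assumed); the signature names, the `mode` switch and the `render_rule` helper are hypothetical and written for illustration.

```python
"""Signature-style detection of the inline-script payload from the question.

Added example (not part of the original page or the exam). The UTM alert and the
HTTP request below are constructed from the values shown in the question; the
signature names, the `mode` switch and the rule-rendering helper are assumptions
made for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed UTM alert, transcribed from the fields shown in the question.
UTM_ALERT = {
    "time": "12/25 0300",
    "from_zone": "Untrust",
    "to_zone": "DMZ",
    "attacker": "externalip.com",
    "victim": "172.16.0.20",
    "to_port": 80,
    "action": "Alert",
    "severity": "Critical",
}

# Constructed HTTP request carrying the <script> block from the PCAP. The question
# shows only the script element; the request line and Host header are assumed.
PCAP_PAYLOAD = (
    'GET /search?q=<script> alert ("Click here for important information '
    'regarding your account! http://externalip.com/account.php"); </script> HTTP/1.1\r\n'
    "Host: 172.16.0.20\r\n\r\n"
)

# A benign request to the same server, for contrast (constructed).
BENIGN_PAYLOAD = "GET /index.html HTTP/1.1\r\nHost: 172.16.0.20\r\n\r\n"


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern
    action: str  # "drop" or "alert": what an inline sensor should do on a match


# Hypothetical signatures derived from the payload: the script element itself, the
# JavaScript alert() call, and the link back to the attacker host inside the alert.
SIGNATURES = [
    Signature("inline-script-tag", re.compile(r"<\s*script\b[^>]*>", re.I), "drop"),
    Signature("js-alert-call", re.compile(r"\balert\s*\(", re.I), "drop"),
    Signature(
        "link-to-attacker-host",
        re.compile(r"https?://" + re.escape(UTM_ALERT["attacker"]), re.I),
        "drop",
    ),
]


def evaluate(payload: str, mode: str = "ids") -> list[tuple[str, str]]:
    """Return (signature name, action taken) for each signature that matches.

    mode="ids": a passive sensor can only alert, whatever the signature asks for.
    mode="ips": an inline sensor (the IPS function of a UTM) can honour "drop".
    This is the distinction the comment thread argues about.
    """
    if mode not in ("ids", "ips"):
        raise ValueError(f"unknown mode {mode!r}")
    hits = []
    for sig in SIGNATURES:
        if sig.pattern.search(payload):
            hits.append((sig.name, sig.action if mode == "ips" else "alert"))
    return hits


def render_rule(sig: Signature, sid: int) -> str:
    """Render a signature as a Suricata/Snort-style rule scoped to the victim.

    The syntax is given for illustration only and assumes the pcre keyword;
    test it against your own sensor before deploying it.
    """
    pcre_body = sig.pattern.pattern.replace("/", r"\/")
    return (
        f'{sig.action} http any any -> {UTM_ALERT["victim"]} {UTM_ALERT["to_port"]} '
        f'(msg:"{sig.name} to DMZ web server"; flow:to_server,established; '
        f'pcre:"/{pcre_body}/i"; classtype:web-application-attack; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, evaluate(PCAP_PAYLOAD, mode))
    print("benign", evaluate(BENIGN_PAYLOAD, "ips"))
    for n, sig in enumerate(SIGNATURES, start=1000001):
        print(render_rule(sig, n))
```

Running it shows all three signatures firing on the captured request and none on the benign one; in "ids" mode every hit is downgraded to an alert, in "ips" mode the drop action is honoured. The rendered rules are scoped to the victim host and port from the UTM alert rather than to the attacker name, since the same payload can arrive from any source.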

Comments

WDE2015
Highly Voted 4 years, 9 months ago
Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic. You're just generating the signature to block traffic, which could be handled by your UTM. Your HIDS uses datasets. Answer should be A.
upvoted 11 times
Waffa
4 years, 9 months ago
Agree, answer should be A. We do not want to prevent the attack on a host basis, we want to prevent it for the whole network.
upvoted 2 times
JJJJJJames123
4 years, 1 month ago
PCAP is not on the Comptia Security + Acronyms List.
upvoted 1 times
Heymannicerouter
4 years ago
IDS doesn't block traffic, only detects it.
upvoted 2 times
madaraamaterasu
Most Recent 4 years ago
Yes, IDS doesn't block, but they say they are using a UTM; the IDS will provide the signature to the UTM and the UTM will block it?
upvoted 1 times
Computerguy
4 years ago
Closest answer is D, but it is possible this may be a typo and they really meant IPS; in that case it would be A.
upvoted 1 times
[Removed]
4 years, 2 months ago
This question is so difficult. I can't get it right. No idea what to pick.
upvoted 1 times
exiledwl
4 years, 5 months ago
Not sure what the right answer is, but I think everyone is unfairly ruling out A and B. The question is asking how to block the attack in the future; the question asks "WHICH OF THE FOLLOWING SECURITY ACTIONS SHOULD THE SECURITY ADMIN TAKE?"
upvoted 2 times
Hash___
4 years, 4 months ago
IDS doesn't block, and both A and B are telling you that.
upvoted 3 times
mdmdmd
4 years, 5 months ago
Sure, IDS only detects, but the answer says to generate a blocking signature for future occurrences... the chosen answer is correct.
upvoted 2 times
Snellers
4 years, 5 months ago
An IDS will not block anything! That is an IPS, so you can rule those answers out.
upvoted 2 times
ciki
4 years, 7 months ago
A cannot deny. C must do it for every host. D is just one-time.
upvoted 1 times
Hanzero
4 years, 8 months ago
Since severity is critical, shouldn't A and B be ruled out, since they'll just detect?
upvoted 2 times
babati
4 years, 9 months ago
XSS or phishing? Phishing is a combination of social engineering and spoofing (disguising one computer resource as another). In the case of phishing, the attacker sets up a spoof website to imitate a target bank or e-commerce provider's secure website or some other web resource that should be trusted by the target. The attacker then emails users of the genuine website informing them that their account must be updated or with some sort of hoax alert or alarm, supplying a disguised link that actually leads to their spoofed site.
upvoted 1 times
DookyBoots
4 years, 7 months ago
Isn't this more of an example of CSRF than XSS?
upvoted 2 times
WDE2015
4 years, 9 months ago
PCAP provides the packet capture and filtering engines of many open-source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic generators and network testers.
upvoted 1 times
tikktakk
4 years, 10 months ago
I would also choose D. A and B can be excluded, as IDS systems are passive and are only used for detection. A classic firewall works on other OSI layers and would not detect this kind of attack.
upvoted 3 times
Diogenes_td
4 years, 10 months ago
Nope. Another answer which doesn't make any sense. I would go for "D".
upvoted 3 times
AllenFox
4 years, 10 months ago
Shouldn't it be D?
upvoted 3 times
Dante_Dan
4 years, 10 months ago
I agree. But I can't explain.
upvoted 1 times
Dante_Dan
4 years, 10 months ago
Well for starters, host-based or any kind of IDS won't block anything.
upvoted 10 times
Aerials
4 years, 10 months ago
Dante is right. IDS only detects. They do not prevent.
upvoted 5 times
DookyBoots
4 years, 7 months ago
Yeah, but I think the IDS is a part of the UTM (which is in the question). There has to be detection before a response. The IDS is just the alert system to notify another part of the system to react? The IDS would be just one of the security functions.
upvoted 1 times
who__cares123456789___
4 years, 4 months ago
What if the actual exam reads "A.) Upload the PCAP to the IPS?" and this is just a typo on this page!! I know, I suck! lol
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other