ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-001 All Questions

View all questions & answers for the CS0-001 exam
Go to Exam

Exam CS0-001 topic 1 question 396 discussion

Actual exam question from CompTIA's CS0-001
Question #: 396
Topic #: 1
[All CS0-001 Questions]

A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by B1llGat3s at July 28, 2020, 11:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kyky
1 year, 12 months ago
Selected Answer: C
C. alert tcp any any -> any 21 (content: "root") This rule specifies that the IDS should generate an alert when it detects a TCP connection from any source IP and any source port to any destination IP on port 21 (FTP), and the content of the traffic contains the string "root." This rule specifically looks for FTP login attempts that involve the username "root."
upvoted 1 times
...
jackdawson
4 years, 8 months ago
What sort of idiot created this question?! They couldn't type out the options? My god
upvoted 1 times
...
rodya2020
4 years, 8 months ago
This question was on the exam
upvoted 3 times
...
B1llGat3s
4 years, 11 months ago
LOL. CompTIA have nicked this question from CEH v6. Answer B is good for Snort.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel