Exam SY0-501 topic 1 question 835 discussion

Actual exam question from CompTIA's SY0-501
Question #: 835
Topic #: 1

An attacker is able to capture the payload for the following packet:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.168.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company.
Which of the following is the MOST likely reason?

  • A. The attacker has exploited a vulnerability that is commonly associated with TLS1.3.
  • B. The application server is also running a web server that has been compromised.
  • C. The attacker is picking off unencrypted credentials and using those to log in to the secure server.
  • D. User accounts have been improperly configured to allow single sign-on across multiple servers.
Suggested Answer: C

Comments

saginin
Highly Voted 4 years, 8 months ago
443 = public-facing website; 21 = FTP to transfer data; 3389 = to access the target using RDP. Hence, the attacker was successful in gaining access using the same credentials to break in.
upvoted 6 times
Argo
Most Recent 4 years, 3 months ago
443, 21, 3389: these are all secure ports. The only way to get unauthorized access is by somehow obtaining the credentials.
upvoted 2 times
NLT
4 years, 3 months ago
How are 21 and 3389 supposed to be secure ports?
upvoted 4 times
mcNik
4 years, 3 months ago
There is nothing secure in port 21 FTP by itself.
upvoted 6 times
CoRell
4 years, 8 months ago
A. Unlikely. I haven't seen anything yet regarding vulnerabilities for this version.
B. Could be (port on line 1 is 443).
C. Unlikely. I don't see any credentials leaked in the capture provided.
D. Maybe, as there's also an FTP server here (line 2, port 21), which has unencrypted credentials; however, again, in the packet capture there are no credentials displayed that would hint at that.
upvoted 2 times
SaudSensi
4 years, 8 months ago
I think the provided answer is correct, since the only hint is port 21 (FTP), which does not provide any encryption, so the packet that belongs to port 21 has those credentials in the clear. https://www.ftptoday.com/blog/sftp-vs-ftp-understanding-the-difference#:~:text=The%20traditional%20file%20transfer%20protocol%20(FTP)%20is%20a%20simple%20way,for%20anyone%20who%20intercepts%20it.
upvoted 22 times
babati
4 years, 8 months ago
All authentication and data transfer are communicated as plain text, meaning that credentials can easily be picked out of any intercepted FTP traffic. Note: Do not re-use secure passwords (such as Windows authentication passwords) for FTP applications. Any password used for FTP should be regarded as unsecure.
upvoted 2 times
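
The point several comments make about port 21, as an added example that is not part of the original discussion: a short Python audit that flags FTP logins readable in a capture, so the affected accounts can have their passwords rotated. The flow lines are the question's; the payload bytes, the user name `jsmith` and all function names are constructed for illustration.

```python
import re

FLOW_RE = re.compile(r"^IP (\d+(?:\.\d+){3}):(\d+) (\d+(?:\.\d+){3}):(\d+)$")
FTP_AUTH_RE = re.compile(rb"^(USER|PASS)\s+(\S.*)$", re.IGNORECASE)

# Flow lines come from the question; the payload bytes are constructed samples.
CAPTURE = [
    ("IP 192.168.1.22:2020 10.10.10.5:443", b"\x16\x03\x03\x00\x2a\x01\x00\x00\x26"),
    ("IP 192.168.1.10:1030 10.10.10.1:21", b"USER jsmith\r\nPASS example-password\r\nSYST\r\n"),
    ("IP 192.168.1.57:5217 10.10.10.1:3389", b"\x03\x00\x00\x13\x0e\xe0\x00\x00"),
]

def parse_flow(line):
    """Split 'IP src:port dst:port' into (src, sport, dst, dport)."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised flow line: {line!r}")
    src, sport, dst, dport = m.groups()
    return src, int(sport), dst, int(dport)

def exposed_logins(payload):
    """Return [(user, password_seen)] for FTP logins readable in the payload."""
    logins, user = [], None
    for raw in payload.split(b"\r\n"):
        m = FTP_AUTH_RE.match(raw)
        if m is None:
            continue  # TLS records, RDP framing and other FTP commands land here
        verb, arg = m.group(1).upper(), m.group(2).decode("latin-1")
        if verb == b"USER":
            if user is not None:
                logins.append((user, False))  # earlier USER never got a PASS
            user = arg
        elif user is not None:
            logins.append((user, True))  # note the exposure, never store the value
            user = None
    if user is not None:
        logins.append((user, False))
    return logins

def audit(capture):
    """List accounts whose credentials crossed the wire unencrypted."""
    findings = []
    for line, payload in capture:
        src, _, dst, dport = parse_flow(line)
        for user, seen in exposed_logins(payload):
            findings.append({"client": src, "server": f"{dst}:{dport}", "user": user, "password_exposed": seen})
    return findings

if __name__ == "__main__":
    print(audit(CAPTURE))
```

Only the port 21 flow produces a finding; the 443 and 3389 payloads contain no readable login commands.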