ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SK0-005 All Questions

View all questions & answers for the SK0-005 exam
Go to Exam

Exam SK0-005 topic 1 question 36 discussion

Actual exam question from CompTIA's SK0-005
Question #: 36
Topic #: 1
[All SK0-005 Questions]

A large number of connections to port 80 is discovered while reviewing the log files on a server. The server is not functioning as a web server. Which of the following represent the BEST immediate actions to prevent unauthorized server access? (Choose two.)

  • A. Audit all group privileges and permissions
  • B. Run a checksum tool against all the files on the server
  • C. Stop all unneeded services and block the ports on the firewall
  • D. Initialize a port scan on the server to identify open ports
  • E. Enable port forwarding on port 80
  • F. Install a NIDS on the server to prevent network intrusions
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by dnc1981 at March 30, 2022, 9:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ariel235788
Highly Voted 2 years, 4 months ago
Selected Answer: CD
Auditing isnt preventative. It is Detective. CD are the correct answers.
upvoted 5 times
Ariel235788
2 years, 4 months ago
You want to identify all open ports and disable the unneeded ones. Only way to do that is with a port scan. Running an audit is not an immediate preventative measure
upvoted 4 times
...
...
Pongsathorn
Most Recent 1 year, 9 months ago
Selected Answer: CD
Disable Unused Services/Close Unneeded Ports Any services that are not required on the server should be disabled. Only those required for the server to perform its role in the network should be left on. The easiest way to do this is to install a host firewall on the system and adopt a “disable by default” policy with respect to services by closing the port used for the service. Then manually enable any you need.
upvoted 1 times
...
dcdc1000
1 year, 10 months ago
Okay, I think C and D. Here's why. For answer C, you can block port 80 at the firewall. Done! Now for answer D, running port scan on server will identify other unauthorized open ports. The answer can't be F because, it states NIDS, and the question is only focus on a single server. Which means if anything, you would install a HIDS to detect intrusions. Boom!
upvoted 1 times
...
Dion79
2 years, 2 months ago
Lets talk about why the server is not functioning as a web server and what is it functioning as? File server? Directory Service? Doesn't state... Why is port 80 open if this server is not functioning as a web server? Maybe insider threat? rough employee? someone with elevated or admin rights messing with the server? horrible question and a trick.
upvoted 2 times
ITken
11 months, 1 week ago
One of the tricks used on a compromised system is to utilize port 80 for communication. Regardless of what it's typically used for (http), any service can run on any port you configure it to run on. Threat actors will use it because it's a port that is commonly used for web traffic and, as such, will likely not be blocked by the firewall. Now, on most computers, ports below 1024 are privileged ports that require an super user account for those services to bind to said ports. However, if the server is compromised, it's likely that the threat actors already have super user access to that system.
upvoted 1 times
...
Dion79
2 years, 1 month ago
Agree with others I'd go with C and D. A is definitely a possibility and CompTIA are the masters of word trickery.
upvoted 1 times
...
...
PEsty93
2 years, 3 months ago
Selected Answer: CD
You would need to do A, to ensure nothing has been changed, but it won't prevent access and that is the question.
upvoted 2 times
...
dnc1981
2 years, 4 months ago
C and maybe F are the immediate actions you would take. A is not an immediate action
upvoted 2 times
dnc1981
2 years, 4 months ago
And D would take too long
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel