Exam CS0-002 topic 1 question 175 discussion

Actual exam question from CompTIA's CS0-002
Question #: 175
Topic #: 1

A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:
✑ The FTP service is running with the data directory configured in /opt/ftp/data.
✑ The FTP server hosts employees' home directories in /home.
✑ Employees may store sensitive information in their home directories.
An IoC revealed that an FTP directory traversal attack resulted in sensitive data loss. Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

  • A. Implement file-level encryption of sensitive files.
  • B. Reconfigure the FTP server to support FTPS.
  • C. Run the FTP server in a chroot environment.
  • D. Upgrade the FTP server to the latest version.
Suggested Answer: C

Comments

jleonard_ddc
Highly Voted 2 years, 5 months ago
Selected Answer: C
The question asks how to avoid directory traversal; a chroot jail is the best way to do this. Not that encrypting files can't help, but that answer feels more like it was put there for the people who remember the incident involved data loss. However, the question is about stopping the directory traversal. All of the solutions are good measures for FTP vulnerabilities, but chroot jail will do the most for the immediate act of traversal (the rest help mitigate things at other stages).
upvoted 6 times
skibby16
Most Recent 1 year, 7 months ago
Selected Answer: C
This would limit the FTP server’s access to a specific directory tree and prevent directory traversal attacks that could access files outside of that tree. Implementing file-level encryption, supporting FTPS, or upgrading the FTP server would not prevent directory traversal attacks.
upvoted 1 times
2Fish
2 years, 3 months ago
Selected Answer: C
C. Running the FTP server in a chroot jail will prevent attackers from accessing sensitive files located outside the FTP server's root directory (/opt/ftp/data). By default, FTP servers have access to the entire file system, but running it in a chroot environment will restrict its access to a specific directory.
upvoted 1 times
CatoFong
2 years, 5 months ago
Selected Answer: C
chroot jail is correct
upvoted 1 times
Kwame25
2 years, 5 months ago
A is right
upvoted 1 times
TIM0088
2 years, 6 months ago
Selected Answer: B
To reduce the risk of current and future directory traversal attacks targeted at the FTP server, a server administrator should reconfigure the FTP server to support FTPS (B). Directory traversal attacks, also known as path traversal attacks, involve manipulating file paths in order to access files or directories that are outside the intended scope of access. One way to reduce the risk of such attacks is to use a secure FTP protocol, such as FTPS (FTP over SSL/TLS). FTPS encrypts the communication between the FTP client and server, making it more difficult for attackers to intercept or manipulate data. Other measures that may be helpful in reducing the risk of directory traversal attacks include file-level encryption of sensitive files (A), running the FTP server in a chroot environment (C), and upgrading the FTP server to the latest version (D). However, implementing FTPS is likely to be the most effective measure in this case, as it addresses the specific vulnerability that was exploited in the directory traversal attack.
upvoted 1 times
TIM0088
2 years, 6 months ago
Change my answer to C. chroot is a very important security feature of FTP servers. When you log in to an FTP server, you don't want users to browse all your filesystem. You only want him/her to browse the files that he/she is able to access, usually their home directories. This is what chroot does. It locks the users in their home directories.
upvoted 2 times
Treymb6
2 years, 9 months ago
Selected Answer: C
File encryption doesn't stop directory traversal. It is C.
upvoted 1 times
Adrian831
2 years, 9 months ago
Selected Answer: C
C makes the most sense here.
upvoted 2 times
piotr3439
2 years, 9 months ago
Selected Answer: C
Answer: C - Place local users in a chroot jail based on their home directory.
upvoted 3 times
Laudy
2 years, 10 months ago
How is this not chroot jail?
upvoted 2 times
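
Added example, not part of the original discussion: a small Python model of why the chroot answer addresses traversal, showing where the same request resolves with and without a jail at /opt/ftp/data. The function names and the sample request path are constructed for illustration, and the model ignores symlinks.

```python
import posixpath

DATA_DIR = "/opt/ftp/data"                      # data directory from the question
REQUEST = "../../../home/alice/payroll.csv"     # constructed sample request


def resolve(requested, cwd="/", jail=None):
    """Return the host path a request reaches, as seen by the FTP process.

    jail=None: the process sees the whole filesystem.
    jail set:  "/" for the process is the jail directory, and ".." at that
               root stays at the root, which is how chroot(2) behaves.
    """
    # Absolute requests start at the process's "/", relative ones at its cwd.
    seen = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    parts = []
    for comp in seen.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()   # at "/" there is nothing to pop: ".." is clamped
        else:
            parts.append(comp)
    inside = "/" + "/".join(parts)
    if jail is None:
        return inside
    # Map the jailed view back to the real location on the host.
    return posixpath.normpath(jail + inside)


def escapes(host_path, allowed_root):
    """True if host_path lies outside allowed_root."""
    root = allowed_root.rstrip("/") + "/"
    return not (host_path + "/").startswith(root)


def compare(request=REQUEST):
    """Resolve one request without and with the jail; return both host paths."""
    unjailed = resolve(request, cwd=DATA_DIR)
    jailed = resolve(request, cwd="/", jail=DATA_DIR)
    return unjailed, jailed


if __name__ == "__main__":
    for label, path in zip(("no chroot", "chroot"), compare()):
        print(f"{label:10} -> {path}  escapes={escapes(path, DATA_DIR)}")
```

A chroot confines only a process that has dropped root privileges, and files reachable inside the jail (including any home directories placed there) remain readable to it.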