ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 369 discussion

Actual exam question from CompTIA's CS0-002
Question #: 369
Topic #: 1
[All CS0-002 Questions]

A security analyst scanned an internal company subnet and discovered a host with the following Nmap output:



Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?

  • A. Port 22
  • B. Port 135
  • C. Port 445
  • D. Port 3389
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by PartialNarwhal at May 7, 2023, 1:52 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
justauser
Highly Voted 1 year, 9 months ago
Selected Answer: A
Question #369: Answer: A. Explanation: The Nmap output shows that several ports are open on the scanned host. Each port represents a potential security vulnerability, but the SSH service (port 22) stands out for two reasons. First, SSH allows remote access, which means an attacker could potentially take full control of the system if they were able to exploit this service. Second, it's unusual to see SSH running on a Windows host (as suggested by the presence of ports 135, 445, and 3389, all commonly associated with Windows systems). This combination of factors makes port 22 the most urgent to investigate. [Port 135 is associated with the Microsoft RPC service, which is often exploited by malware, but it's also a core service in Windows environments. Port 445 is used for SMB, a service used for file sharing. While these can be exploited, it's less unusual to see them on a Windows host. Port 3389 is used for RDP, another potential vector for attacks, but again it's less unusual to see this service on a Windows host.]
upvoted 7 times
...
Chilaqui1es
Most Recent 1 year, 4 months ago
Selected Answer: B
According to Google "hackers or unauthorized users can access a computer system through TCP Port 135 if it is left open" Im choosing B" Look up if Port 135 is secure
upvoted 1 times
...
yanyan20
1 year, 10 months ago
Selected Answer: B
https://www.examtopics.com/discussions/comptia/view/47028-exam-cs0-002-topic-1-question-124-discussion/
upvoted 1 times
...
CyberCEH
1 year, 10 months ago
Answer D
upvoted 1 times
...
Hershey2025
1 year, 10 months ago
Answer seems to be D. Why would one have a terminal server running. Hackers can connect remotely to it.
upvoted 1 times
...
ExamTopic147
1 year, 10 months ago
Selected Answer: B
Answer is PORT 135, 7 of us agree so gg
upvoted 1 times
PartialNarwhal
1 year, 10 months ago
Source: I made it up.
upvoted 7 times
...
...
PartialNarwhal
1 year, 10 months ago
Selected Answer: C
Based on the output of the Nmap scan provided, the analyst should investigate port 445 first. Port 445 is used for SMB (Server Message Block) file sharing, which is a common target for attackers looking to gain access to a network. An open SMB port can indicate that file sharing is enabled on the host, which could potentially allow an attacker to access sensitive data or gain unauthorized access to the network. Therefore, it is important for the analyst to investigate why port 445 is open and take appropriate action to secure the host if necessary. -ChatGPT
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago