Exam CS0-003 topic 1 question 332 discussion

Actual exam question from CompTIA's CS0-003
Question #: 332
Topic #: 1

SIMULATION
-

An organization’s website was maliciously altered.


INSTRUCTIONS
-

Review information in each tab to select the source IP the analyst should be concerned about, the indicator of compromise, and the two appropriate corrective actions.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.







Suggested Answer:

Comments

TommyZ
Highly Voted 3 months ago
Main point is what 7167087 said. "website was maliciously altered": IP 41 logs in and modifies the index.html file, which is what the question states. So:
IP 41.
Modified Index.html file.
Change the password
Block external sftp access
I'm taking the exam tomorrow and that's what I'm going with. This question was just posted a week ago. Expecting to get it. Wish me luck 🤞
upvoted 6 times
Wolf541
2 months, 3 weeks ago
How did your exam go? I am taking mine in a few days.
upvoted 1 times
...
Popeyes_Chicken
2 months, 3 weeks ago
Good luck! Check back in if you see this to let us know how things went! I'll be taking it next week =]
upvoted 2 times
...
...
Popeyes_Chicken
Highly Voted 3 months, 1 week ago
I think the source IP is incorrect. 32.111.16.37 shows one failed login attempt after a previous successful login. I don't see any indicator of a brute force attempt; the failed attempt was probably a typo. The multiple tcp time wait connections may have been legitimate activity. The modification happened directly after 41.21.18.102 authenticated successfully. Thoughts?
upvoted 5 times
...
7167087
Most Recent 3 months, 1 week ago
I believe it's the 41. address that is the malicious source IP address. The question is about the website being maliciously modified. The 41. address modifies the index file as an external address and has an existing connection.
upvoted 4 times
...
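The reasoning in the comments above (a write to index.html right after a successful login from an external address, versus a single failed login that does not amount to brute force) can be expressed as a log correlation. This is an added example, not part of the original thread or the exam simulation; the log format, account names, file path, 10-minute window and five-failure threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample events in a simplified "time event key=value" format.
# They are not the exam's log tabs; the two public IPs are the ones named in the thread.
SAMPLE_LOG = """\
2024-05-01T10:02:11 auth_ok src=32.111.16.37 user=webadmin
2024-05-01T10:40:03 auth_fail src=32.111.16.37 user=webadmin
2024-05-01T11:15:42 auth_ok src=41.21.18.102 user=webadmin
2024-05-01T11:16:05 sftp_write src=41.21.18.102 user=webadmin path=/var/www/html/index.html
2024-05-01T11:20:00 sftp_write src=10.0.0.5 user=deploy path=/var/www/html/index.html
"""

WINDOW = timedelta(minutes=10)   # assumed correlation window
BRUTE_FORCE_FAILS = 5            # assumed threshold for calling it brute force

def parse(line):
    """Split one event line into (timestamp, event name, key=value fields)."""
    ts, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), event, fields

def analyze(log_text, watched="/index.html"):
    last_ok = {}                 # (src, user) -> time of latest successful login
    fails = defaultdict(int)     # src -> failed login count
    writes = []                  # external writes to the watched file after a login
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, f = parse(line)
        src = f["src"]
        if event == "auth_ok":
            last_ok[(src, f["user"])] = ts
        elif event == "auth_fail":
            fails[src] += 1
        elif event == "sftp_write" and f["path"].endswith(watched):
            login = last_ok.get((src, f["user"]))
            external = not ip_address(src).is_private
            if external and login and ts - login <= WINDOW:
                writes.append((src, f["user"], f["path"], (ts - login).seconds))
    brute = sorted(ip for ip, n in fails.items() if n >= BRUTE_FORCE_FAILS)
    return {"suspicious_writes": writes, "brute_force_sources": brute}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the constructed sample, the only flagged write is the one from the external address that authenticated seconds earlier, and the single failed login does not reach the brute-force threshold.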