
Exam CS0-001 topic 1 question 166 discussion

Actual exam question from CompTIA's CS0-001
Question #: 166
Topic #: 1

HOTSPOT -
A security analyst performs various types of vulnerability scans.
Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Hot Area:

Suggested Answer:
1. non-credentialed scan - File Print Server: False positive is first bullet point.
2. credentialed scan - Linux Web Server: No False positives.
3. Compliance scan - Directory Server

Comments

Kuku55
4 years, 2 months ago
1. credentialed scan - File Print Server
2. non-credentialed scan - Linux Web Server, FP is the Messenger service, it's for Windows
3. Compliance scan - Directory Server
1 is credentialed since it knows the patch information for the server; you can check Nessus for that.
upvoted 1 times
rodya2020
4 years, 6 months ago
This question was on the exam (October 2020)
upvoted 2 times
FCD
4 years, 6 months ago
What did you choose?
upvoted 1 times
Blind_Hatred
4 years, 9 months ago
1. NON-CREDENTIALED (File/Print Server) False Positives: - 58662
2. CREDENTIALED (Linux Web Server) False Positives: - 19407
3. COMPLIANCE (Directory Server)
I'm not really certain if number 2 is really a CREDENTIALED scan though. Would it be possible for the scans to be both uncredentialed scans? Is that also an option? Because if it is, I'm tempted to put both of them in NON-CREDENTIALED. Another small issue here is 11890, which seems to be related to a Microsoft vulnerability, not an Ubuntu one. The CVE ID in the example is incorrect. This might be a piece of incorrect data which we wouldn't see during the exam, I hope?
upvoted 4 times
rapmoc
4 years, 9 months ago
my feeling says both are non-credentialed, the mentioned false positives are correct
upvoted 1 times
kkarri
4 years, 6 months ago
1 - NON-CREDENTIALED (File/Print Server): False positive: 12209 Security update for Microsoft Windows
2 - CREDENTIALED (Linux web server) False Positives: 19407 VULNERABILITY IN PRINT SPOOLER SERVICE COULD ALLOW REMOTE CODE EXECUTION (896423)
more info: https://www.trendmicro.com/vinfo/in/threat-encyclopedia/archive/security-advisories/(ms05-043)%20vulnerability%20in%20print%20spooler%20service%20could%20allow%20remote%20code%20execution%20(896423)
3 - COMPLIANCE (Directory Server)
upvoted 2 times
jleonard_ddc
2 years, 1 month ago
11890 is not a real vulnerability at all, but even without that information from Google, there's no indication it's a Microsoft one. In fact it also has an associated CVE. However, 896423 was not only a vulnerability on the Windows file server, it's also the same type of syntax MS uses for their KB references. The Linux server should not be detecting a missing Windows KB. The false positive is the first bullet point
upvoted 1 times
BigBo01010
4 years, 9 months ago
This question is on the exam.
upvoted 2 times
shoop
4 years, 10 months ago
how could the top one be non-credentialed scan if it can see task scheduler???
upvoted 2 times
s3curity1
4 years, 10 months ago
Search for the Nessus ID. Format for the vulnerability listings below is "Severity (CVSS?) "Nessus ID"
First part is Non-credentialed, and FP should be Samba as all the other vulnerabilities are for Windows.
Second part is credentialed, and FP is Buffer overrun in Messenger service as this is for Windows, all the other vulns are for Linux.
Third part is compliance check.
upvoted 3 times
Hibster
4 years, 10 months ago
Is 19407 not for windows as well? https://www.tenable.com/plugins/nessus/19407
upvoted 2 times
jleonard_ddc
2 years, 1 month ago
Not only is 19407 for Windows, there is no hint that the Messenger service isn't for Linux. Granted that type of wording conjures up associations with MS products, but there is clearly enough information identifying it as an Ubuntu service. 19407 is the one and only false positive here
upvoted 1 times
s3curity1
4 years, 10 months ago
And task scheduler remote overflow in Nessus is via uncredentialed scans
upvoted 3 times