ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 182 discussion

Actual exam question from CompTIA's CS0-002
Question #: 182
Topic #: 1
[All CS0-002 Questions]

HOTSPOT -
A security analyst performs various types of vulnerability scans.
Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

INSTRUCTIONS -
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for False Positives and check the Findings that display false positives.
NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results. The Linux Web Server, File-Print Server, and
Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by Laudy at Sept. 8, 2022, 9:49 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
db97
Highly Voted 2 years, 2 months ago
File-Print Server / non-credentialed / fp: 4th one due to it's a windows machine and samba is for linux Linux Web Server / credentialed / fp: 1st one due to it's a linux machine and printer spooler service is for windows Directory Server / compliance / no fp
upvoted 17 times
khrid4
2 years ago
this is also my answer.
upvoted 1 times
...
ZUL01
1 year, 11 months ago
Where did you find that SAMBA is only for Linux? I checked many sources in google and in every site there is information that it is available on Linux and on Windows as well.
upvoted 2 times
...
db97
2 years, 2 months ago
References for the samba vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182 References for the printer spooler service vulnerability: https://www.tenable.com/plugins/nessus/19406
upvoted 4 times
...
mraval
2 years, 1 month ago
I have checker all Security Update for Microsoft Windows (835732) Microsoft Windows Task Scheduler Remote Overflow (841873) Vulnerability in SMB Could Allow Remote Code Execution (896422) Samba 3x3.6.4/3.5.14/3.4.16 RPC Multiple Buffer Overflows (20161146) Vulnerability in Printer Spooler Service Could Allow Remote Code Execution (895423) all are valid Vulnerability except line 4. so its clear line 4 is False Positive
upvoted 2 times
...
...
Weezyfbaby
Highly Voted 2 years, 6 months ago
Passed the exam today and I went with : 1. non-credentialed scan – File Print Server: False positive is the first bullet point. 2. credentialed scan – Linux Workstation: No False positives. 3. Compliance scan – Directory Server
upvoted 11 times
SolventCourseisSCAM
2 years, 5 months ago
how many questions did you get in the exam? 66/4 pbq - 70 in total?
upvoted 2 times
...
...
Starburst
Most Recent 1 year, 9 months ago
Listing 1: File-Print Server / non-credentialed / No FP (the Samba issue IS an issue on Windows systems with SAMBA installed) Listing 2: Linux Web Server / credentialed / 1st line is FP (It's a Windows issue) Listing 3: Directory Server / compliance / No check for FP as per instructions So, I'm saying the only FP is the 1st line of the 2nd listing
upvoted 5 times
...
ZUL01
1 year, 11 months ago
Why the most voted answers doesn't have any explanation? 1. non-credentialed scan – File Print Server: False positive should be Samba. Samba vulnerability is related only with linux OS. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182) I don't know, why you mark 1st bullet as FP. By checking the Tenable site: "https://www.tenable.com/plugins/nessus/12209" we can find that this vulnerability is related only with Windows OS. Of course this vuln is related with oldies like XP or Windows 2000, but we don't know what is sitting in this server. 2. credentialed scan – Linux Workstation: FP - 1st bullet. By checking tenable again "https://www.tenable.com/plugins/nessus/19406" we can find that this vulnerability is related only with Windows machines. 3. Compliance scan – Directory Server
upvoted 6 times
...
db97
2 years, 2 months ago
The only thing I can't understand yet is that: why can't we mark the first vulnerability in the linux web server as FP? I mean, it's a linux environment so why the results show a vulnerability in printer spooler service? lol that's for windows environments. Can someone please give to me a hand?
upvoted 2 times
ZUL01
1 year, 11 months ago
IMO we should mark this as FP as it is vulnerability for Windows.
upvoted 2 times
...
...
david124
2 years, 2 months ago
passed the exam today and this was on it good luck to you all
upvoted 1 times
Joshgip95
2 years, 1 month ago
Okay, but what's the answer? You guys saying this doesn't help anything.
upvoted 9 times
...
...
IanRogerStewart
2 years, 2 months ago
No one has offered any explanation why the 1st bullet (Windows Update) is a FP. Much more likely is the Samba service which isn't needed on Windows. Also on the linux server, it is showing an identical print spooler vuln which has to be an FP as that looks like a windows issue. . . .
upvoted 3 times
catastrophie
2 years, 2 months ago
The reason for the 1st bullet being a FP is because that vulnerability 835732 applies to Microsoft Windows 2000 only. That said a print server could become vulnerable if the Windows workstation below is running 2000 unpatched, but the assessment should not flag the print server itself. Samba isn't needed on Windows printer servers but can be installed to assist in the SMB/CIFS support if needed I suppose. I agree that its an odd ball to see there but I think the first bullet is the only one that doesn't fit in.
upvoted 1 times
...
...
SylFlo
2 years, 2 months ago
this was on my test today, i went with non-cred, cred, comp scan
upvoted 1 times
SOL_Z
2 years, 2 months ago
did you use the answers from here? did you pass?
upvoted 1 times
...
...
MrRobotJ
2 years, 5 months ago
How do we know which one was credentialed scan and which one non-credentialed scan? Also, why is this one a FP? " File Print Server: False positive is the first bullet point." Any help would be appreciated.
upvoted 3 times
lordguck
2 years, 4 months ago
CVE-* gives you the needed hint for "credential"
upvoted 3 times
...
...
Vanicream
2 years, 5 months ago
agree with all but the false positive on 2 is the print spooler, why would a web server have print spooling issues?
upvoted 2 times
db97
2 years, 2 months ago
I'm thinking about the same, I still don't know why everyone keeps saying the first bullet point is the FP.
upvoted 1 times
...
...
mandimus
2 years, 5 months ago
Just took the test yesterday. This was one of four sims on the test.
upvoted 1 times
Joshgip95
2 years, 1 month ago
Okay, but what's the answer? You guys saying this doesn't help anything.
upvoted 4 times
...
...
jchutch2
2 years, 6 months ago
1. non-credentialed scan – File Print Server: False positive is the first bullet point. 2. credentialed scan – Linux Workstation: No False positives. 3. Compliance scan – Directory Server
upvoted 1 times
...
R00ted
2 years, 7 months ago
1. non-credentialed scan – File Print Server: False positive is the first bullet point. 2. credentialed scan – Linux Web Server: No False positives. 3. Compliance scan – Directory Server
upvoted 9 times
jchutch2
2 years, 6 months ago
Ubuntu is a workstation OS, not a server OS. The server would likely be RHEL or CENTOS.
upvoted 3 times
R00ted
2 years, 6 months ago
Yep, you are correct. The correct answer is: 1. non-credentialed scan – File Print Server: False positive is the first bullet point. 2. credentialed scan – Linux WORKSTATION: No False positives. 3. Compliance scan – Directory Server
upvoted 4 times
...
db97
2 years, 2 months ago
There is an ubuntu server version as well...
upvoted 2 times
...
catastrophie
2 years, 2 months ago
I'm confused on this comment. Ubuntu absolutely does have a server and desktop OS, they also have SERVER and Desktop OS's for each of the releases mentioned in the example (5.10, 6.06, and 6.10). Am I missing a clue in the example that points to a workstation? Not that it matters in the long run but I try to make sure I'm not overlooking key details. Thanks!
upvoted 1 times
...
...
2Fish
2 years, 1 month ago
Agree. I had to look at this multiple times.
upvoted 1 times
2Fish
2 years ago
Also: https://www.examtopics.com/discussions/comptia/view/22265-exam-cs0-001-topic-1-question-166-discussion/
upvoted 2 times
...
...
...
Laudy
2 years, 7 months ago
I was thinking the spool service on the web server was a false positive... Why does it have spool service when there's an otherwise dedicated printer server?...
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago