ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 6 discussion

Actual exam question from CompTIA's CS0-002
Question #: 6
Topic #: 1
[All CS0-002 Questions]

SIMULATION -
You are a penetration tester who is reviewing the system hardening guidelines for a company's distribution center. The company's hardening guidelines indicate the following:
✑ There must be one primary server or service per device.
✑ Only default ports should be used.
✑ Non-secure protocols should be disabled.
✑ The corporate Internet presence should be placed in a protected subnet.

INSTRUCTIONS -
Using the tools available, discover devices on the corporate network and the services that are running on these devices.
You must determine:
✑ The IP address of each device.
✑ The primary server or service of each device.
✑ The protocols that should be disabled based on the hardening guidelines.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.


by TheSkyMan at Sept. 23, 2022, 2:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NBE
Highly Voted 1 year, 4 months ago
Please note that you have to type the nmap commands yourself nmap and the computer name for each one
upvoted 15 times
Pesos
6 months, 2 weeks ago
So is the question not actually pull down multiple choice?
upvoted 1 times
voiddraco
3 months, 1 week ago
nmap <Host> ping <Host> help
upvoted 1 times
...
ptbuchanan
4 months ago
Ditto!
upvoted 1 times
...
...
...
Kickuh06
Highly Voted 1 year, 3 months ago
Passed CS0-003 last week (757), this question was on it! 69 questions, 3 PBQ/SIMs. 25 questions that are in the first 200 questions of this board.
upvoted 13 times
...
dave_delete_me
Most Recent 6 months, 3 weeks ago
Someone asked how we know FarmerTed.Local is a switch? Here is my logic: a.) other servers are shown on topology to plug into FarmerTed.local b.) The very "CONSOLE" on the test question is usually the terminology when you "CONSOLE" into a switch... Sure this can be done on a Server to using iLO ports or OOB management switches, but given the ports are ONLY 23 (telnet) and 22 (ssh), it's a dead giveaway that this is a network device / switch.
upvoted 1 times
...
RT7
1 year ago
Hi turki_1993, I suppose the reason why FarmerTed.local is a switch is because the only secure protocol left is SSH and because SSH access is a preferred option to login to a Switch.
upvoted 6 times
...
turki_1993
1 year, 3 months ago
how can you know that FarmerTed.local is a switch? can anyone explain?
upvoted 3 times
...
iwonttellyou
1 year, 5 months ago
Passed it the other day, this one was on it.
upvoted 4 times
ghjhjhh
1 year, 5 months ago
Thanks mate!, How many questions from examtopic?. is it a lot?
upvoted 1 times
...
...
[Removed]
1 year, 6 months ago
This was on my exam and I passed.
upvoted 2 times
...
ApexPredator84
1 year, 10 months ago
was on mine today and applied as is ....passed the exam and the all the pbqs. thank you
upvoted 2 times
db97
1 year, 9 months ago
Was there any other PBQ from CS0-001 version?
upvoted 2 times
...
...
SylFlo
1 year, 10 months ago
this sim was on my test today i remembered the nmap command to get the ips and tried to remember the functions... i deduced the ports from the nmap output
upvoted 1 times
...
Freddy90
1 year, 10 months ago
I got this sim today. I believe CandyMan should have a non-compliant service port 135 not FTP 21. This is a file server and blocking FTP will affect the functionality right?
upvoted 3 times
db97
1 year, 10 months ago
Port 135 is needed within the network so the clients can connect properly. File servers use port 445 as well for network shares. Port 21 is not needed at all so the default answer is correct!
upvoted 5 times
...
...
cmllsu
1 year, 11 months ago
One of the 3 sims I got today, answer is correct.
upvoted 6 times
...
mandimus
2 years ago
Just took the test yesterday. This was one of four sims on the test.
upvoted 5 times
...
SolventCourseisSCAM
2 years, 1 month ago
In database server, port 3306 is unencrypted as I know. Ok this is database server and we need to disable dns as an unnecessary port, but why we keep using unencrypted port 3306. Please someone explain. Thank you
upvoted 3 times
throdrigo
2 years ago
MySQL uses 3306 and can use SSL over this port or any other to encrypt the connection.
upvoted 2 times
...
...
wtkao
2 years, 1 month ago
In database server, the non-compliance service should be MySQL 3306. Because Port 3306 is unencrypted.
upvoted 2 times
...
PTcruiser
2 years, 2 months ago
Does anyone have an explanation on why DNS should be disabled?
upvoted 2 times
Treymb6
2 years, 2 months ago
Because it's a a database and not a domain server. SSH is a secure protocol. Granted, SSH could be disabled if it is unnecessary but it seems like the given answer is correct in my opinion.
upvoted 4 times
...
...
TheSkyMan
2 years, 2 months ago
I keep wondering why these questions disable services needed for a server. Looks like per hardening guidelines, unencrypted services should be disabled. "Another area of concern is systems that are configured to use unencrypted protocols. Common unencrypted protocols include HTTP, TELNET, and FTP. If a system is using an unencrypted protocol, sensitive information such as usernames and passwords could be sent in clear text over the network. An attacker who is monitoring network traffic could potentially intercept this information." https://www.tracesecurity.com/blog/articles/system-hardening-standards
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel