CompTIA Exam CS0-002 Topic 5 Question 74 Discussion

Actual exam question for CompTIA's CS0-002 exam

Question #: 74
Topic #: 5

A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:

$ sudo nc ---1 ---v ---e maildaemon.py 25 > caplog.txt

Which of the following solutions did the analyst implement?

ALog correlation

BCrontab mail script

CSinkhole

DHoneypot
A) Log correlation is not correct. Log correlation is a process of analyzing and correlating data from multiple sources, such as firewalls, servers, applications, or devices, to identify patterns, trends, or anomalies. Log correlation can help to improve security visibility, detection, and response, but it does not describe the solution that the analyst implemented.
B) Crontab mail script is not correct. Crontab is a tool that allows users to schedule commands or scripts to run at specified times or intervals on a Linux system. A mail script is a script that can send or receive email messages using a mail server. A crontab mail script could be used to automate email tasks, such as sending reports or alerts, but it does not describe the solution that the analyst implemented.
C) Sinkhole is not correct. A sinkhole is a technique that redirects malicious or unwanted traffic to a controlled destination, such as a fake or isolated server. A sinkhole can help to prevent or mitigate the impact of attacks, such as botnets, malware, or phishing, by blocking or capturing the traffic. However, a sinkhole does not describe the solution that the analyst implemented.
1:CompTIA CySA+ Exam: Implementing a Firewall Analysis Solution

Show Suggested Answer

Suggested Answer: D

The correct answer is D. Honeypot. A honeypot is a security mechanism designed to detect and deflect attempts at unauthorized use of information systems. In this case, the analyst has set up a system to listen on a network port that is commonly used for email traffic. The purpose of this honeypot is to attract attackers and allow the security analyst to observe their behavior and tactics.By monitoring the traffic that is captured in the caplog.txt file, the analyst can identify attacks that were not blocked by the organization's firewalls1.

by Merissa at Feb 08, 2024, 02:58 AM

Limited Time Offer

25%

Off

Get Premium CS0-002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Heidy

8 days ago

Ooh, that's a good point, Myra. If that's the case, then the solution they implemented could be a honeypot, where they're capturing and analyzing the network traffic that the firewall didn't catch.

upvoted 0 times

...

Myra

9 days ago

Wait a minute, I think I know what's going on here. The 'nc' command is short for 'netcat', which is a network utility tool that can be used to create network connections and transfer data. Maybe the analyst used it to capture network traffic and analyze it for attacks that the firewall missed.

upvoted 0 times

...

Amie

10 days ago

Yeah, I agree. The command line looks like it's trying to pipe the output of a Python script called 'maildaemon.py' to a file called 'caplog.txt'. That doesn't sound like any of the solutions mentioned.

upvoted 0 times

...

Leslee

11 days ago

Hmm, this question seems a bit tricky. The command line provided doesn't seem to match any of the solutions listed. I'm not sure what to make of it.

upvoted 0 times

...