CompTIA CS0-003 Exam - Topic 3 Question 35 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 35
Topic #: 3

A security analyst runs the following command:

    # nmap -T4 -F 192.168.30.30
    Starting nmap 7.6
    Host is up (0.13s latency)
    PORT    STATE SERVICE
    23/tcp  open  telnet
    443/tcp open  https
    636/tcp open  ldaps

Which of the following should the analyst recommend first to harden the system?

Suggested Answer: A

Comprehensive Detailed Explanation

The nmap scan results show that Telnet (port 23) is open. Telnet transmits data, including credentials, in plaintext, which is insecure and should be disabled to enhance security. Here's an explanation of each option:

A. Disable all protocols that do not use encryption

Disabling unencrypted protocols (such as Telnet) reduces exposure to man-in-the-middle (MITM) attacks and credential sniffing. Telnet should be replaced with a secure protocol like SSH, which provides encryption for transmitted data.

B. Configure client certificates for domain services

While client certificates enhance authentication security, they are more relevant to services like LDAP over SSL (port 636), which is already secure. This would not address the Telnet vulnerability.

C. Ensure that this system is behind a NGFW

A Next-Generation Firewall (NGFW) provides enhanced network security, but it may not mitigate the risks of unencrypted protocols if they are allowed internally.

D. Deploy a publicly trusted root CA for secure websites

Public root CAs are used for website authentication and encryption, relevant only if this system is hosting a publicly accessible HTTPS service. It would not impact Telnet security.


CIS Controls: Recommendations on secure configurations, especially the use of encrypted protocols.

NIST SP 800-47: Security considerations for network protocols, emphasizing encrypted alternatives like SSH over Telnet.
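
An added example, not part of the original question or explanation: a short Python parser that reads the scan output from the question and flags open services that transmit data unencrypted, which is the check behind answer A. The function names and the service-to-replacement map are assumptions made for illustration.

```python
import re

# Constructed sample: the scan output from the question, in nmap's normal output format.
SCAN = """\
Starting nmap 7.6
Host is up (0.13s latency)
PORT    STATE SERVICE
23/tcp  open  telnet
443/tcp open  https
636/tcp open  ldaps
"""

# Assumption: a small illustrative map of cleartext services to encrypted
# replacements. Extend it to match your own environment.
CLEARTEXT = {
    "telnet": "ssh (22/tcp)",
    "ftp": "sftp or ftps",
    "http": "https (443/tcp)",
    "ldap": "ldaps (636/tcp) or StartTLS",
}

# Matches port table rows such as "23/tcp open telnet".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_ports(text):
    """Return (port, proto, state, service) tuples from nmap normal output."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def cleartext_findings(text):
    """List open ports whose service name is a known cleartext protocol."""
    findings = []
    for port, proto, state, service in parse_ports(text):
        # Only "open" counts; filtered or closed ports are not reachable services.
        if state == "open" and service in CLEARTEXT:
            findings.append({"port": port, "proto": proto, "service": service,
                             "replace_with": CLEARTEXT[service]})
    return findings


if __name__ == "__main__":
    for f in cleartext_findings(SCAN):
        print(f"{f['port']}/{f['proto']} {f['service']}: disable, use {f['replace_with']}")
```

Without `-sV`, the SERVICE column is nmap's guess from the port number alone, so confirm a finding with version detection before acting on it.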

Tarra
3 months ago
B could be useful too, but A should be first for sure.
upvoted 0 times
...
Cordell
3 months ago
Agreed, A is a must. Encryption is key!
upvoted 0 times
...
Amira
3 months ago
Wait, why would we trust a root CA? Sounds risky!
upvoted 0 times
...
Maynard
4 months ago
I think C is more important, NGFWs are essential for protection.
upvoted 0 times
...
Therese
4 months ago
Definitely A, telnet is super outdated and insecure.
upvoted 0 times
...
Alyce
4 months ago
Deploying a publicly trusted root CA sounds important for secure communications, but I think we should focus on the immediate vulnerabilities first, like the open Telnet port.
upvoted 0 times
...
Colette
4 months ago
I feel like putting the system behind a next-gen firewall could help, but I wonder if that’s more of a secondary measure after addressing the open ports.
upvoted 0 times
...
Estrella
4 months ago
I'm not entirely sure, but I think configuring client certificates might be more relevant for authentication rather than hardening the system itself.
upvoted 0 times
...
Laticia
5 months ago
I remember we discussed the importance of disabling unencrypted protocols like Telnet in class. That seems like a good first step.
upvoted 0 times
...
Arleen
5 months ago
I think ensuring the system is behind a next-gen firewall is a solid recommendation. That would provide an additional layer of protection.
upvoted 0 times
...
Catalina
5 months ago
Configuring client certificates could also be a good option, but I'm not sure if that's the best approach for this specific scenario.
upvoted 0 times
...
Jesusita
5 months ago
Disabling unencrypted protocols seems like the obvious choice here. That should be the first step to harden the system.
upvoted 0 times
...
Marjory
5 months ago
Hmm, I'm not sure about this one. There are a few options that could work, but I'll need to think it through carefully before answering.
upvoted 0 times
...
Ceola
5 months ago
This looks like a straightforward security hardening question. I'd recommend disabling any unencrypted protocols first to reduce the attack surface.
upvoted 0 times
...
Evangelina
1 year ago
I think option C) Ensure that this system is behind a NGFW is also crucial for added protection.
upvoted 0 times
...
Major
1 year ago
I agree with Amie. It's important to prioritize security by disabling unencrypted protocols.
upvoted 0 times
...
Stephaine
1 year ago
Client certificates? That's some hardcore security stuff right there. I bet the analyst's fingers are gonna be cramping up just trying to configure that.
upvoted 0 times
...
Ethan
1 year ago
Nah, man, I'd go for the NGFW option. That'll give you a solid firewall to block all the bad stuff before it even gets to the system.
upvoted 0 times
Barabara
1 year ago
D) Deploy a publicly trusted root CA for secure websites.
upvoted 0 times
...
Lisbeth
1 year ago
C) Ensure that this system is behind a NGFW.
upvoted 0 times
...
Adell
1 year ago
B) Configure client certificates for domain services.
upvoted 0 times
...
Gail
1 year ago
A) Disable all protocols that do not use encryption.
upvoted 0 times
...
...
Leila
1 year ago
Definitely, the first thing to do is disable all the unencrypted protocols like telnet. Gotta keep that data secure, yo!
upvoted 0 times
Vallie
1 year ago
C) Ensure that this system is behind a NGFW.
upvoted 0 times
...
Paola
1 year ago
B) Configure client certificates for domain services.
upvoted 0 times
...
Tracey
1 year ago
A) Disable all protocols that do not use encryption.
upvoted 0 times
...
...
Amie
1 year ago
I think the analyst should recommend option A) Disable all protocols that do not use encryption.
upvoted 0 times
...
