Exam CS0-002
Question 196

SIMULATION -

You are a cybersecurity analyst tasked with interpreting scan data from Company A’s servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.

The company’s hardening guidelines indicate the following:

• TLS 1.2 is the only version of TLS running.

• Apache 2.4.18 or greater should be used.

• Only default ports should be used.

INSTRUCTIONS -

Using the supplied data, record the status of compliance with the company’s guidelines for each server.

The question contains two parts; make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Correct Answer:

Discussion
Comptia_Secret_Service

The question is incomplete; it doesn't show the other scan results for other app servers. I have found them anyway at "https://vceguide.com/simulation-421". I'm also confused about the recommendation answers; the options don't allow a specific version of TLS to be selected, only the service in general. With that said, here is my take.

• AppServ1 is only using TLS 1.2

• AppServ4 is only using TLS 1.2

• AppServ1 is using Apache 2.4.18 or greater

• AppServ3 is using Apache 2.4.18 or greater

• AppServ4 is using Apache 2.4.18 or greater

Recommendations

- disable TLS v1.1 on AppServ2 and AppServ3 OR configure HTTPD Security service on both AppServ2 & AppServ3 to strictly use TLS 1.2

- upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48

- Move ssh service port to port 22 on AppServ4

NerdAlert

Great find! There was so much missing!

NerdAlert

Also disable TLS 1.0 on AppServer 2 & 3

f405aa0

Apache Server aka "HTTPD" - so HTTPD Security - Restrict to newer version.

PhillyCheese

To piggyback on the response that @Comptia_Secret_Service contributed regarding https://vceguide.com/simulation-421: the answer in part 2, "Configuration Change Recommendations," is better worded as a recommendation to "Restrict to TLS 1.2" on AppServ2 and AppServ3. Disabling only TLS 1.1 is not an option and wouldn't make sense because AppServ2 and AppServ3 have TLS 1.0 and TLS 1.1 enabled. Restrict to TLS 1.2 is the option given to address the TLS guideline. I stand by everything else in @Comptia_Secret_Service's post.

2Fish

Agree.. Thanks for the input.

PartialNarwhal

GO TO THIS WEBSITE AND LOOK AT THE ACTUAL QUESTION!! https://vceguide.com/simulation-421/ This question is on the test, and you will not get it right looking at the example above! Read the comments below they will save you!

slcc99

This question was put on the exam

eddy72

This question is still available for CS0-003 exam.

Sandman1976

Is this even on the test?

Sandman1976

This question is all over the place

NIKTES

Link to full question: https://vceguide.com/simulation-687/

eddy72

This question is still available for CS0-003.

dave_delete_me

How can you tell which TLS version is running from scan data?

Iandyxtran

• TLS 1.2 is the only version of TLS running.

• Apache 2.4.18 or greater should be used.

• Only default ports should be used

With that being said, Scan Data Analysis is:

• AppServ 1 and 4 is only using TLS 1.2

• AppServ 1/3/4 is 2.4.18 or greater.

Recommendations are:

• AppServ2 - Apache Version - Upgrade Version

• AppServ4 - SSH - Move to port 22 (Default port)

Questionable:

• AppServ 2 & 3 - ?HTTPD Security? - Restrict to TLS 1.2

Options are HTTPD Security / MySQL / Telnet / ApacheVersion and / SSH. If anyone can input on the last part. I have suspicions, but nothing concrete.
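Added example (not part of the exam question or of any commenter's post): one way to check the three hardening guidelines against scan output, which also shows where the enabled TLS versions appear in scan data. It assumes text output in the style of `nmap -sV --script ssl-enum-ciphers`; the scan text, the `check_host` helper and the default-port table are constructed for illustration and are not the exam's data.

```python
import re

# Constructed sample in the style of `nmap -sV --script ssl-enum-ciphers` output.
SAMPLE_SCAN = """\
PORT     STATE SERVICE  VERSION
2222/tcp open  ssh      OpenSSH 7.2p2 (protocol 2.0)
443/tcp  open  ssl/http Apache httpd 2.4.10
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
"""

# Default ports per detected service name (assumption: extend for your estate).
DEFAULT_PORTS = {"ssh": {22}, "http": {80}, "ssl/http": {443}, "https": {443},
                 "mysql": {3306}, "telnet": {23}}
MIN_APACHE = (2, 4, 18)  # compared as an integer tuple, so 2.4.9 < 2.4.18

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)\s*(.*)$")
TLS_RE = re.compile(r"^\|\s+(SSLv\d|TLSv\d\.\d):\s*$")  # one header per enabled protocol
APACHE_RE = re.compile(r"Apache httpd (\d+)\.(\d+)\.(\d+)")

def check_host(scan_text):
    """Return a sorted list of guideline violations found in one host's scan."""
    findings, protocols = [], set()
    for line in scan_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, service, version = int(m.group(1)), m.group(2), m.group(3)
            allowed = DEFAULT_PORTS.get(service)
            if allowed is not None and port not in allowed:
                findings.append(f"{service} on non-default port {port}")
            a = APACHE_RE.search(version)
            if a and tuple(map(int, a.groups())) < MIN_APACHE:
                findings.append(f"Apache {'.'.join(a.groups())} is older than 2.4.18")
            continue
        t = TLS_RE.match(line)
        if t:
            protocols.add(t.group(1))
    for proto in sorted(protocols - {"TLSv1.2"}):  # anything besides TLS 1.2 fails
        findings.append(f"{proto} enabled; restrict to TLS 1.2")
    return sorted(findings)
```

Calling `check_host(SAMPLE_SCAN)` returns four findings for the constructed host: the old Apache version, TLSv1.0 and TLSv1.1 being enabled, and SSH on a non-default port.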