CV0-004 · Question #173
CV0-004 Question #173: Real Exam Question with Answer & Explanation
The correct answer is E: Port 8048. {"question_number": 1, "question": "Which of the following ports has been compromised?", "correct_answer": "E. Port 8048", "explanation": "Port 8048 is a non-standard, uncommon port that is not associated with any well-known legitimate service. The logs referenced in the question
Question
A systems administrator notices a surge of network traffic is coming from the monitoring server. The administrator discovers that large amounts of data are being downloaded to an external source. While investigating, the administrator reviews the following logs: Which of the following ports has been compromised?
Options
- APort 20
- BPort 22
- CPort 443
- DPort 4443
- EPort 8048
Explanation
{"question_number": 1, "question": "Which of the following ports has been compromised?", "correct_answer": "E. Port 8048", "explanation": "Port 8048 is a non-standard, uncommon port that is not associated with any well-known legitimate service. The logs referenced in the question would show outbound traffic on port 8048 being used to exfiltrate data to an external source. Attackers frequently use obscure high-numbered ports to evade detection since firewall rules and monitoring tools are typically tuned for well-known ports. Port 20 (FTP data), Port 22 (SSH), Port 443 (HTTPS), and Port 4443 (alternate HTTPS) are all standard ports with legitimate uses. An unusual port like 8048 carrying large volumes of outbound data is a strong indicator of compromise and data exfiltration.", "generated_by": "claude-sonnet", "llm_judge_score": 3}
Topics
Community Discussion
No community discussion yet for this question.