nerdexam
ExamsSK0-005Questions#297
CompTIACompTIA

SK0-005 · Question #297

SK0-005 Question #297: Real Exam Question with Answer & Explanation

The correct answer is E: Enable GPO to install an antivirus on all the servers and perform a weekly reboot.. The administrator should perform an antivirus scan on all servers within the cluster and reboot each server, and block access to 208.206.12.9 from all servers on the network. These actions will help to remove any malware that may have infected the application server and prevent a

Security and disaster recovery

Question

The network's IDS is giving multiple alerts that unauthorized traffic from a critical application server is being sent to a known-bad public IP address. One of the alerts contains the following information: Exploit Alert Attempted User Privilege Gain 2/2/07-3:09:09 10.1.200.32 --> 208.206.12.9:80 This server application is part of a cluster in which two other servers are also servicing clients. The server administrator has verified the other servers are not sending out traffic to that public IP address. The IP address subnet of the application servers is 10.1.200.0/26. Which of the following should the administrator perform to ensure only authorized traffic is being sent from the application server and downtime is minimized? (Choose two.)

Options

  • ADisable all services on the affected application server.
  • BPerform a vulnerability scan on all the servers within the cluster and patch accordingly.
  • CBlock access to 208.206.12.9 from all servers on the network.
  • DChange the IP address of all the servers in the cluster to the 208.206.12.0/26 subnet.
  • EEnable GPO to install an antivirus on all the servers and perform a weekly reboot.
  • FPerform an antivirus scan on all servers within the cluster and reboot each server.

Explanation

The administrator should perform an antivirus scan on all servers within the cluster and reboot each server, and block access to 208.206.12.9 from all servers on the network. These actions will help to remove any malware that may have infected the application server and prevent any further unauthorized traffic to the known-bad public IP address. An antivirus scan can detect and remove malicious software that may be sending data to an external source, and a reboot can clear any temporary files or processes that may be related to the malware. Blocking access to 208.206.12.9 from all servers on the network can prevent any future attempts to communicate with the malicious IP address.

Topics

#Malware Remediation#Incident Response#Antivirus Management#Server Security

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SK0-005 PracticeBrowse All SK0-005 Questions