Which of the following should the security administrator implement to harden the system?

During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company’s datacenter:

The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?
A. Patch and restart the unknown service.
B. Segment and firewall the controller’s network.
C. Disable the unidentified service on the controller.
D. Implement SNMPv3 to secure communication.
E. Disable TCP/UDP ports 161 through 163.

CS0-002: CompTIA CySA+ Exam

3 thoughts on “Which of the following should the security administrator implement to harden the system?”

  1. I agree with A

    It’s kind of a trick answer. Those ports are for SNMP and SNMPTRAP, so there is nothing abnormal going on here. Patching and restarting would be an appropriate response.

  2. My opinion:
    C. Disable the unidentified service on the controller

    That is probably using TCP/163, while the well-known UDP ports for SNMP traffic are 161 (SNMP) and 162 (SNMPTRAP).

  3. This is a bad question for a couple of reasons, and I’d like to know why it’s A. “I don’t know what service is running on this port” is not an acceptable answer in a data center.

    “A” is only acceptable if you can eventually figure out what the service is.
    If you can’t turn it off B is the right answer.
    “C” is a good answer, because then you can see what breaks and go from there.
    “D” should already be in use if it’s an option.
    “E”: you need SNMP to monitor, so this is a bad answer.
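A small check in the spirit of comment 3’s “figure out what the service is”, added here as an example and not part of the original page or the exam: it compares a port scan of the controller against the baseline the question states (SNMP on 161/udp, SNMPTRAP on 162/udp) and flags every other open service, or a baseline port answering with a different service, as something that must be identified before it is left running. The scan lines, the allowlist and the function names are constructed for this example.

```python
import re

# Constructed sample scan output in an nmap-style "PORT STATE SERVICE" layout.
# These lines are made up for this example; they are not the scan from the question.
SAMPLE_SCAN = """\
PORT      STATE    SERVICE
161/udp   open     snmp
162/udp   open     snmptrap
163/tcp   open     unknown
514/udp   filtered syslog
"""

# Baseline for this controller: only the services the monitoring requirement
# justifies. (port, protocol) -> expected service name. Assumed for the example.
EXPECTED_SERVICES = {
    (161, "udp"): "snmp",
    (162, "udp"): "snmptrap",
}

LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_scan(text):
    """Parse 'PORT STATE SERVICE' lines into (port, proto, state, service) tuples.
    The header line and anything that does not match the layout is skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            port, proto, state, service = m.groups()
            findings.append((int(port), proto, state, service))
    return findings


def review_controller(text, expected=EXPECTED_SERVICES):
    """Split open ports into those matching the baseline and those that do not.
    A baseline port whose service name differs from the expected one is also
    flagged: something other than SNMP on 161/udp is as suspicious as a new port."""
    approved, unexpected = [], []
    for port, proto, state, service in parse_scan(text):
        if state != "open":
            continue  # closed/filtered ports are not exposure
        if expected.get((port, proto)) == service:
            approved.append((port, proto, service))
        else:
            unexpected.append((port, proto, service))
    return approved, unexpected


def hardening_notes(unexpected):
    """One defender note per unexpected service: identify it first, disable it
    on the controller if it is not required, and keep the controller on a
    segmented, firewalled network whatever the outcome of the investigation."""
    return [
        f"{port}/{proto} ({service}): identify the service; disable it on the "
        f"controller if not required; restrict reachability via segmentation"
        for port, proto, service in unexpected
    ]


if __name__ == "__main__":
    approved, unexpected = review_controller(SAMPLE_SCAN)
    print("approved  :", approved)
    print("unexpected:", unexpected)
    for note in hardening_notes(unexpected):
        print("->", note)
```

Run against the constructed scan, the two SNMP ports are approved and 163/tcp is reported as unexpected; the filtered syslog port is ignored because it is not reachable. Replacing the constructed text with a real scan of the controller gives the inventory the commenters are arguing about before any answer choice is applied.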
