CompTIA CASP+ (CAS-003) — Question 337
A server was compromised recently, and two unauthorized daemons were set up to listen for incoming connections. In addition, CPU cycles were being consumed by an additional unauthorized cron job. Which of the following would have prevented the breach if it had been properly configured?
Answer options
- A. Set up log forwarding and utilize a SIEM for centralized management and alerting.
- B. Use a patch management system to close the vulnerabilities in a shorter time frame.
- C. Implement a NIDS/NIPS.
- D. Deploy SELinux using the system baseline as the starting point.
- E. Configure the host firewall to block unauthorized inbound connections.
Correct answer: C
Explanation
Implementing a NIDS/NIPS would have allowed for the detection and prevention of unauthorized access attempts and malicious activities, which could have stopped the daemons from being set up. While the other options contribute to security, they do not directly address the immediate threat of unauthorized services listening for connections.