CompTIA Server+ (SK0-005) — Question 33

A large number of connections to port 80 is discovered while reviewing the log files on a server. The server is not functioning as a web server. Which of the following represent the BEST immediate actions to prevent unauthorized server access? (Choose two.)

Answer options

• A. Audit all group privileges and permissions
• B. Run a checksum tool against all the files on the server
• C. Stop all unneeded services and block the ports on the firewall
• D. Initialize a port scan on the server to identify open ports
• E. Enable port forwarding on port 80
• F. Install a NIDS on the server to prevent network intrusions

Correct answer: C, D

Explanation

The best immediate actions are to stop all unneeded services and block the ports on the firewall (C), which directly reduces the attack surface, and to initialize a port scan (D) to identify any other open ports that may pose a risk. The other options do not provide immediate mitigation against unauthorized access; auditing permissions (A) and running checksums (B) are more reactive, while enabling port forwarding (E) and installing a NIDS (F) do not directly address the current issue with port 80.