The network's IDS is giving multiple alerts that unauthorized traffic from a critical application server is being sent to a known-bad public IP address.
One of the alerts contains the following information:
Exploit Alert -
Attempted User Privilege Gain -
2/2/07-3:09:09 10.1.200.32 --> 208.206.12.9:80
This server application is part of a cluster in which two other servers are also servicing clients. The server administrator has verified the other servers are not sending out traffic to that public IP address. The IP address subnet of the application servers is 10.1.200.0/26. Which of the following should the administrator perform to ensure only authorized traffic is being sent from the application server and downtime is minimized? (Choose two.)

A. Disable all services on the affected application server.

B. Perform a vulnerability scan on all the servers within the cluster and patch accordingly.

C. Block access to 208.206.12.9 from all servers on the network.

D. Change the IP address of all the servers in the cluster to the 208.206.12.0/26 subnet.

E. Enable GPO to install an antivirus on all the servers and perform a weekly reboot.

F. Perform an antivirus scan on all servers within the cluster and reboot each server.




 

Suggested Answer: BC

Community Answer: BC



This question is in SK0-005 CompTIA Server+ Exam
For getting CompTIA Server+ Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.