CompTIA CompTIA Certifications CAS-005 Questions & Answers

• Question 181:

  SIMULATION

  Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more

  restrictive. Given the following information answer the questions below:

  User Subnet: 192.168.1.0/24 Server Subnet: 192.168.2.0/24 Finance Subnet:192.168.3.0/24

  Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down

  Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.

  Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.

  Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.

  Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

  Check the solution below.

  

  A. See the complete solution below in Explanation.

  B. PlaceHoder

  C. PlaceHoder

  D. PlaceHoder

  Correct Answer: A

  Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.

  The rule shown in the image below is the rule in question. It is not working because the action is set to Deny.

  This needs to be set to Permit.

  Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.

  The web servers rule is shown in the image below. Port 80 (HTTP) needs to be changed to port 443 for HTTPS (HTTP over SSL).

  Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.

  The SQL Server rule is shown in the image below. It is not working because the protocol is wrong. It should be TCP, not UDP.

  Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

  The network time rule is shown in the image below.

  However, this rule is not being used because the `any' rule shown below allows all traffic and the rule is placed above the network time rule. To block all other traffic, the `any' rule needs to be set to Deny, not Permit and the rule needs to be

  placed below all the other rules (it needs to be placed at the bottom of the list to the rule is enumerated last).

• Question 182:

  SIMULATION

  A product development team has submitted code snippets for review pnor to release INSTRUCTIONS.

  Analyze the code snippets and then select one vulnerability and one fix for each code snippet If at any time you would like to bang back the initial state of the simulation, please click the Reset All button.

  

  A. See the complete solution below in Explanation.

  B. PlaceHoder

  C. PlaceHoder

  D. PlaceHoder

  Correct Answer: A

  

  

• Question 183:

  SIMULATION

  During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

  INSTRUCTIONS

  Review each of the events and select the appropriate analysis and remediation options for each IoC.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  A. See the complete solution below in Explanation.

  B. PlaceHoder

  C. PlaceHoder

  D. PlaceHoder

  Correct Answer: A

  

  

• Question 184:

  SIMULATION

  

  A. See the complete solution below in Explanation.

  B. PlaceHoder

  C. PlaceHoder

  D. PlaceHoder

  Correct Answer: A

  Step 1: Verify that the certificate is valid or not. In case of any warning message, cancel the download.

  Step 2: If certificate issue is not there then, download the file in your system.

  Step 3: Calculate the hash value of the downloaded file.

  Step 4: Match the hash value of the downloaded file with the one which you selected on the website. Step 5: Install the file if the hash value matches.

• Question 185:

  DRAG DROP

  

  An organization is planning for disaster recovery and continuity of operations.

  INSTRUCTIONS

  Review the following scenarios and instructions. Match each relevant finding to the affected host.

  After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

  Each finding may be used more than once.

  If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

  Select and Place:

  

  Correct Answer:

  

• Question 186:

  DRAG DROP

  IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern.

  Options may be used once or not at all.

  Select and Place:

  

  Correct Answer:

  

  Vendor may accidentally or maliciously make changes to the IT system - Allow view-only access.

  With view-only access, the third party can view the desktop but cannot interact with it. In other words, they cannot control the keyboard or mouse to make any changes.

  Desktop sharing traffic may be intercepted by network attackers - Use SSL for remote sessions.

  SSL (Secure Sockets Layer) encrypts data in transit between computers. If an attacker intercepted the traffic, the data would be encrypted and therefore unreadable to the attacker.

  No guarantees that shoulder surfing attacks are not occurring at the vendor - Identified control gap.

  Shoulder surfing is where someone else gains information by looking at your computer screen. This should be identified as a risk. A control gap occurs when there are either insufficient or no actions taken to avoid or mitigate a significant risk.

  Vendor may inadvertently see confidential material from the company such as email and IMs - Limit desktop session to certain windows.

  The easiest way to prevent a third party from viewing your emails and IMs is to close the email and IM application windows for the duration of the desktop sharing session.

• Question 187:

  DRAG DROP

  A security consultant is considering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once.

  Select and Place:

  

  Correct Answer:

  

• Question 188:

  DRAG DROP

  Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

  Select and Place:

  

  Correct Answer:

  

• Question 189:

  DRAG DROP

  A security administrator must configure the database server shown below the comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

  

  Select and Place:

  

  Correct Answer:

  

• Question 190:

  DRAG DROP

  A vulnerability scan with the latest definitions was performed across Sites A and B.

  INSTRUCTIONS

  Match each relevant finding to the affected host.

  After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

  Each finding may be used more than once.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Select and Place:

  

  Correct Answer: