Instant Access CompTIA.CAS-003.v2022-06-25.q354 Actual Practice Test Engine for Free (Page 59)

40%off

CAS-003 Premium Dumps

Latest CAS-003 Exam Premium Dumps provide by TrainingQuiz.com to help you Passing CAS-003 Exam! TrainingQuiz.com offers the updated CAS-003 exam dumps, the TrainingQuiz.com CAS-003 exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com CAS-003 pdf dumps with Exam Engine here:

(683 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 286

Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:
Untrusted zone: 0.0.0.0/0
User zone: USR 10.1.1.0/24
User zone: USR2 10.1.2.0/24
DB zone: 10.1.4.0/24
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24
Web server: 10.1.5.50
MS-SQL server: 10.1.4.70
MGMT platform: 10.1.10.250
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

A.Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1 edit the Action to Deny to block internet access from the management platform.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
10.1.10.250
ANY
MGMT
ANY
ANY
ANY
DENY
Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.
SRC Zone
Action
DB
10.1.4.70
ANY
WEBAPP
10.1.5.50
ANY
ANY
PERMIT
Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In rule no. 5 from top, change the DST port to Any from 80 to allow all unencrypted traffic.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
ANY
ANY
WEBAPP
10.1.5.50
ANY
TCP
PERMIT
Task 4: Ensure the final rule is an explicit deny
Enter this at the bottom of the access list i.e. the line at the bottom of the rule:
ANY
ANY
ANY
ANY
ANY
TCP
DENY
Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule number 4 from top, edit the DST port to 443 from 80
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
USER
10.1.1.0/24 10.1.2.0/24
ANY
UNTRUST
ANY
443
TCP
PERMIT
B.Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1 edit the Action to Deny to block internet access from the management platform.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
10.1.10.250
ANY
MGMT
ANY
ANY
ANY
DENY
Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
DB
10.1.4.70
ANY
WEBAPP
10.1.5.50
ANY
ANY
PERMIT
Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In rule no. 5 from top, change the DST port to Any from 80 to allow all unencrypted traffic.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
ANY
ANY
WEBAPP
10.1.5.50
ANY
TCP
PERMIT
Task 4: Ensure the final rule is an explicit deny
Enter this at the bottom of the access list i.e. the line at the bottom of the rule:
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
ANY
ANY
ANY
ANY
ANY
ANY
TCP
DENY
Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule number 4 from top, edit the DST port to 443 from 80
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
USER
10.1.1.0/24 10.1.2.0/24
ANY
UNTRUST
ANY
443
TCP
PERMIT

Question 287

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

Which of the following should the penetration tester conclude about the command output?

A.192.168.102.67 is a backup mail server that may be more vulnerable to attack
B.The DNS SPF records have not been updated for Comptia.org
C.The public/private views on the Comptia.org DNS servers are misconfigured
D.Comptia.org is running an older mail server, which may be vulnerable to exploits

Question 288

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

A.Independent verification and validation
B.Security test and evaluation
C.Risk assessment
D.Ongoing authorization

Question 289

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock on server hard drives.
Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep-on hand?

A.TTR
B.ALE
C.MTBF
D.SLE
E.RPO

Question 290

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

A.IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls
B.major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns
C.corporate general counsel requires a single system boundary to determine overall corporate risk exposure
D.risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness