ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CA1-005 All Questions

View all questions & answers for the CA1-005 exam
Go to Exam

Exam CA1-005 topic 1 question 4 discussion

Actual exam question from CompTIA's CA1-005
Question #: 4
Topic #: 1
[All CA1-005 Questions]

A security administrator is performing a gap assessment against a specific OS benchmark. The benchmark requires the following configurations be applied to endpoints:
• Full disk encryption
• Host-based firewall
• Time synchronization
• Password policies
• Application allow listing
• Zero Trust application access
Which of the following solutions best addresses the requirements? (Choose two.)

  • A. MDM
  • B. CASB
  • C. SBoM
  • D. SCAP
  • E. SASE
  • F. HIDS
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by martin451 at Dec. 5, 2024, 8:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rvv1978
5 months, 3 weeks ago
Selected Answer: AD
MDM (A) can enforce endpoint security settings (e.g., full-disk encryption, host-based firewall, password policies) and manage application allow lists, addressing the bulk of the OS benchmark requirements at the device level. SCAP (D) automates compliance checks against the benchmark, verifying configurations like encryption, firewalls, and password policies to ensure continuous adherence.
upvoted 2 times
...
Jimwade1985
6 months ago
Selected Answer: AD
It’s definitely MDM and SCAP
upvoted 1 times
...
Iandyxtran
6 months, 2 weeks ago
Selected Answer: AD
As the prior user states, MDM provides FDE, a host-based firewall, password policies, and application allowing. SCAP fulfills the OS benchmark requirements they are intending to do.
upvoted 1 times
...
martin451
6 months, 3 weeks ago
Selected Answer: AE
MDM (Mobile Device Management) can enforce full disk encryption, host-based firewalls, password policies, and application allow listing across devices. SASE (Secure Access Service Edge) integrates Zero Trust network access and other security functions, making it ideal for secure application access. While F. HIDS (Host-based Intrusion Detection System) is critical for monitoring and detecting suspicious activities, it doesn't directly address all the configurations specified in the benchmark, such as Zero Trust application access or application allow listing.
upvoted 1 times
Iandyxtran
6 months, 2 weeks ago
I understand HIDS is not part of the equation, but the question is about performing a gap assessment and checking for a benchmark. I would lean toward SCAP, wouldn't you? I feel SASE is suitable for cloud and network services; in this case, the question explicitly states OS Benchmark.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel