Exam CAS-004 topic 1 question 634 discussion

Actual exam question from CompTIA's CAS-004
Question #: 634
Topic #: 1

A security architect needs to enable a container orchestrator for DevSecOps and SOAR initiatives. The engineer has discovered that several Ansible YAML files used for the automation of configuration management have the following content:



Which of the following should the engineer do to correct the security issues presented within this content?

  • A. Update the kubernetes.core.k8s module to kubernetes.core.k8s_service in the main.yml file.
  • B. Update the COMPTIA001 hostname to localhost using the hostnamectl command.
  • C. Update the state: present module to state: absent in the main.yml file.
  • D. Update or remove the ansible.cfg file.
  • E. Update the insecure-bind-address from localhost to the COMPTIA001 in the manifests file.
Suggested Answer: D

Comments

chooksmagooks
1 month, 3 weeks ago
Selected Answer: D
Reluctantly choosing D... Overall it's not a very good question, none of the options address the direct security concerns, it broadly addresses the insecure-bind-address setting. The most prominent security concern here is the insecure-bind-address setting. While binding an insecure service to localhost prevents remote network access, it still allows processes running on the same host (COMPTIA001) to potentially access this unauthenticated service. Basically an attacker can gain initial access to the host and exploit the locally accessible insecure port.
upvoted 1 times
Bright07
3 months, 3 weeks ago
Selected Answer: D
To address the security issues presented within the content, the engineer should focus on the following: D. Update or remove the ansible.cfg file. The Ansible configuration file (ansible.cfg) contains the configuration for the automation setup. The line enable plugins = kubernetes.core.k8s in the ansible.cfg file points to an insecure configuration or possibly an incorrect plugin configuration for managing Kubernetes clusters. Security concern: The inclusion of an insecure or improperly configured plugin could lead to unintended access or management of Kubernetes resources, which could be a significant security risk.
upvoted 2 times