Exam CAS-003 topic 1 question 37 discussion

Actual exam question from CompTIA's CAS-003
Question #: 37
Topic #: 1

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company's client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

  • A. Install a HIPS on the web servers
  • B. Disable inbound traffic from offending sources
  • C. Disable SNMP on the web servers
  • D. Install anti-DDoS protection in the DMZ
Suggested Answer: A

Comments

boblee
Highly Voted 4 years, 8 months ago
A A A A A A A
upvoted 9 times
cvMikazuki
3 years, 8 months ago
Concur with A
upvoted 1 times
mcse123
Highly Voted 3 years, 10 months ago
Correct answer is C. Check the link below: you can disable SNMP and continue to use WMI for monitoring the servers. https://www.acmtix.com/wmi-or-snmp/
upvoted 5 times
Picklefall1
Most Recent 3 years, 5 months ago
The web articles I'm finding say that you choose either SNMP or WMI: "although it may be tempting to enable both SNMP and WMI to monitor a Windows host, Auvik recommends using one or the other, not both." https://support.auvik.com/hc/en-us/articles/360054127172-What-s-the-difference-between-WMI-and-SNMP-when-monitoring-Microsoft-Windows-devices- I have yet to find an article that says that SNMP must be enabled for WMI to run.
upvoted 2 times
SoukelezArtibuz
4 years, 7 months ago
A. Install a HIPS on the web servers -> HIPS monitors OS/software activities more than inbound network
B. Disable inbound traffic from offending sources -> Doable depending on amount of IP addresses to blacklist
C. Disable SNMP on the web servers -> Would disable WMI
D. Install anti-DDoS protection in the DMZ -> Could be heavy depending on architecture.
B or D ...
upvoted 1 times
D1960
4 years, 4 months ago
As to B: The question specifically states "multiple IP addresses": "the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses". I doubt that would be specifically mentioned if B were the correct answer. IP addresses are easy to spoof, and change.
As to D: the issue is not a DDoS attack. I don't think D would stop the recon.
As to A: consider what "HIPS" stands for. Recon is an intrusion. Maybe NIPS would be a better answer, but that is not offered. I think A is the best answer.
upvoted 2 times
tek
5 years, 3 months ago
C. Disable SNMP on the web servers
upvoted 2 times
tek
5 years, 3 months ago
Scratch that. WMI relies on SNMP. HIPS is the better answer
upvoted 5 times
tirajvid
1 year, 5 months ago
No, it doesn't. WMI uses DCOM and is installed out of the box. SNMP needs to be installed and configured on Windows machines.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other