ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-005 All Questions

View all questions & answers for the CAS-005 exam
Go to Exam

Exam CAS-005 topic 1 question 4 discussion

Actual exam question from CompTIA's CAS-005
Question #: 4
Topic #: 1
[All CAS-005 Questions]

A security architect needs to enable a container orchestrator for DevSecOps and SOAR initiatives. The engineer has discovered that several Ansible YAML files used for the automation of configuration management have the following content:

Which of the following should the engineer do to correct the security issues presented within this content?

  • A. Update the kubernetes.core.k8s module to kubernetes.core.k8s_service in the main.yml file.
  • B. Update the COMPTIA001 hostname to localhost using the hostnamectl command.
  • C. Update the state: present module to state: absent in the main.yml file.
  • D. Update or remove the ansible.cfg file.
  • E. Update the insecure-bind-address from localhost to the COMPTIA001 in the manifests file.
Show Suggested Answer Hide Answer
Suggested Answer: E 🗳️
by vicbersong at April 23, 2025, 3:50 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Trini_007
2 weeks, 6 days ago
Selected Answer: D
After further review, D is the answer because E is set tot he local host which means it will only take requests from that one device.
upvoted 1 times
...
Trini_007
2 weeks, 6 days ago
Selected Answer: E
Based on my research, E is the best answer. The biggest security issue is the insecure bind address. It's a vulnerability.
upvoted 1 times
...
vicbersong
2 months ago
Selected Answer: E
The main concern in this context is that the API server is explicitly bound using the insecure-bind-address, which: Is deprecated and discouraged in secure Kubernetes environments. May allow unauthenticated access to the Kubernetes API if not tightly controlled. Should be removed altogether or replaced with secure configurations. Switching insecure-bind-address to a hostname (like COMPTIA001) doesn't solve the underlying issue — instead, removing this flag is the best practice. So while option E addresses the specific insecure setting shown, the ideal fix is actually: Remove the insecure-bind-address flag altogether from the manifest.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel