ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-005 All Questions

View all questions & answers for the CAS-005 exam
Go to Exam

Exam CAS-005 topic 1 question 63 discussion

Actual exam question from CompTIA's CAS-005
Question #: 63
Topic #: 1
[All CAS-005 Questions]

A security analyst discovers a new device on the company's dedicated IoT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the IoT subnet. Which of the following should the security analyst recommend to securely operate the camera?

  • A. Harden the camera configuration.
  • B. Send camera logs to the SIEM.
  • C. Encrypt the camera's video stream.
  • D. Place the camera on an isolated segment.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by vicbersong at May 1, 2025, 5:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
vicbersong
1 month, 3 weeks ago
Selected Answer: A
❌ Why not the others? B. Send camera logs to the SIEM Useful for monitoring, but does not fix the vulnerabilities on the device itself. C. Encrypt the camera's video stream Important for data confidentiality, but doesn't address device compromise risks (e.g., via default credentials or insecure services). D. Place the camera on an isolated segment It's already on a dedicated IoT subnet (as mentioned), and isolation alone doesn't fix the existing security misconfigurations.
upvoted 1 times
...
vicbersong
1 month, 3 weeks ago
Selected Answer: A
✅ Explanation: The vulnerability scan revealed that the camera has open ports, insecure protocols, and default credentials, which are all classic signs of a poorly configured and vulnerable device. Hardening the configuration typically includes: Changing default usernames and passwords. Disabling unused services and insecure protocols (e.g., Telnet, HTTP). Enabling secure communication protocols (e.g., HTTPS, RTSP over TLS). Limiting access via IP whitelisting or firewall rules. Ensuring firmware is updated to patch known vulnerabilities. All of these directly address the security issues identified in the scan and are essential first steps before considering more advanced options.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel