ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-003 All Questions

View all questions & answers for the CAS-003 exam
Go to Exam

Exam CAS-003 topic 1 question 140 discussion

Actual exam question from CompTIA's CAS-003
Question #: 140
Topic #: 1
[All CAS-003 Questions]

An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
✑ Encrypt all traffic between the network engineer and critical devices.
✑ Segregate the different networking planes as much as possible.
✑ Do not let access ports impact configuration tasks.
Which of the following would be the BEST recommendation for the network security engineer to present?

  • A. Deploy control plane protections.
  • B. Use SSH over out-of-band management.
  • C. Force only TACACS to be allowed.
  • D. Require the use of certificates for AAA.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by D1960 at July 21, 2021, 12:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Picklefall1
3 years, 6 months ago
I agree with the given answer of B. SSH will encrypt all traffic, OOB management will segregate the different networking planes by keeping the management plane traffic separate from the data plane traffic (see https://www.opendaylight.org/blog/2016/11/16/software-defined-networking-fundamentals-part-1-intro-to-networking-planes), and having these 2 planes separated means that access ports (for data) shouldn't impact configuration tasks (management traffic)
upvoted 1 times
...
SoniSoni
4 years ago
why not C? TACACS sounds like a possible solution
upvoted 1 times
D1960
3 years, 11 months ago
TACACS does not encrypt all data.
upvoted 1 times
...
...
D1960
4 years ago
Maybe: A. Deploy control plane protections ? Would using SSH over out-of-band management "segregate the different networking planes" ? I am not finding much about "control plane protections." This may be worth considering: https://www.ubba.com/wp-content/uploads/2019/11/UBBA-WhitePaper-Cybersecurity.pdf
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel