nerdexam
ExamsCAS-001Questions#270
CompTIA

CAS-001 · Question #270

CAS-001 Question #270: Real Exam Question with Answer & Explanation

The correct answer is C: Move the system to a secure VLAN.. Telnet transmits all data, including credentials, in plaintext - making it vulnerable to eavesdropping. Since the protocol cannot be changed on this legacy system, the best compensating control is network isolation by moving the system to a secure VLAN. This limits which hosts ca

Question

A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system?

Options

  • AMigrate the system to IPv6.
  • BMigrate the system to RSH.
  • CMove the system to a secure VLAN.
  • DUse LDAPs for authentication.

Explanation

Telnet transmits all data, including credentials, in plaintext - making it vulnerable to eavesdropping. Since the protocol cannot be changed on this legacy system, the best compensating control is network isolation by moving the system to a secure VLAN. This limits which hosts can communicate with it (reducing the number of potential eavesdroppers), restricts blast radius if compromised, and allows firewall rules to tightly control access. Migrating to IPv6 (A) does nothing to address Telnet's plaintext issue. RSH (B) is also an insecure legacy protocol. LDAPs (D) secures the authentication directory lookup, but Telnet session traffic would still travel in plaintext regardless.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-001 Practice