CompTIA

CAS-001 · Question #282

CAS-001 Question #282: Real Exam Question with Answer & Explanation

The correct answer is A: Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.

Question

The security administrator is responsible for the confidentiality of all corporate data. The company's servers are located in a datacenter run by a different vendor. The vendor datacenter hosts servers for many different clients, all of whom have access to the datacenter. None of the racks are physically secured. Recently, the company has been the victim of several attacks involving data injection and exfiltration. The security administrator suspects these attacks are due to several new network-based attacks facilitated by having physical access to a system. Which of the following BEST describes how to adapt to the threat?

Options

  • A. Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.
  • B. Apply two factor authentication, require point to point VPNs, and enable log auditing on all devices.
  • C. Apply port security to all routers, switch to telnet, and implement point to point VPNs on all servers.
  • D. Apply three factor authentication, implement IPSec, and enable SNMP.

Explanation

The attacker has physical access to the shared, unsecured datacenter, enabling network-level attacks like MAC flooding, ARP poisoning, or rogue device insertion. Option A directly addresses all three vectors: port security on switches prevents MAC flooding and unauthorized device connections; switching from FTP/Telnet to SCP secures file transfers; IPSec tunnels encrypt traffic between devices so intercepted packets are useless. Option B's 2FA does not stop network-layer attacks. Option C is immediately wrong because it suggests switching to Telnet, which is plaintext. Option D's use of SNMP (v1/v2) is itself a security weakness due to plaintext community strings.
