CompTIA
CAS-003 · Question #352
CAS-003 Question #352: Real Exam Question with Answer & Explanation
The correct answer is B: Use SSH over out-of-band management. SSH over out-of-band (OOB) management satisfies all three requirements: encrypted traffic, segregated management plane, and no reliance on in-band access ports.
Question
An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
- Encrypt all traffic between the network engineer and critical devices.
- Segregate the different networking planes as much as possible.
- Do not let access ports impact configuration tasks.

Which of the following would be the BEST recommendation for the network security engineer to present?
Options
- A. Deploy control plane protections.
- B. Use SSH over out-of-band management.
- C. Force only TACACS to be allowed.
- D. Require the use of certificates for AAA.
Explanation
SSH over out-of-band (OOB) management satisfies all three requirements: encrypted traffic, segregated management plane, and no reliance on in-band access ports.
Common mistakes.
- A. Control plane protections (such as CoPP) protect the control plane from excessive traffic but do not encrypt management sessions or provide out-of-band segregation.
- C. Restricting to TACACS enforces authentication and authorization but does not itself encrypt the configuration session transport or segregate networking planes.
- D. Certificate-based AAA strengthens authentication but addresses identity verification, not traffic encryption or plane segregation for management access.
Concept tested. Out-of-band management with SSH for secure network device access