CAS-003 · Question #534
CAS-003 Question #534: Real Exam Question with Answer & Explanation
The correct answer is D: Allow access to the core router management interface only through an out-of-band. The attack succeeded because an attacker connected via WiFi could reach the core router's management interface over the production network and authenticate to it. Out-of-band (OOB) management segregates the router's management plane onto a separate, dedicated network (e.g., a con
Question
Options
- AImplement a strong, complex password policy for user accounts that have access to the
- BDeploy 802.1X as the NAC system for the WiFi infrastructure.
- CAdd additional port security settings for the switching environment connected to the core
- DAllow access to the core router management interface only through an out-of-band
Explanation
The attack succeeded because an attacker connected via WiFi could reach the core router's management interface over the production network and authenticate to it. Out-of-band (OOB) management segregates the router's management plane onto a separate, dedicated network (e.g., a console server or isolated management VLAN) that is completely inaccessible from the regular data plane, including WiFi. Even with valid credentials, an attacker on the production or wireless network cannot reach the management interface at all. Strong passwords (A) do not prevent access from an unauthorized network segment. 802.1X for WiFi (B) helps authenticate WiFi users but doesn't block router management access once authenticated. Port security (C) addresses the switching layer, not wireless-to-router management access.
Community Discussion
No community discussion yet for this question.