
CAS-003 · Question #563

CAS-003 Question #563: Real Exam Question with Answer & Explanation

The correct answer is B: A security vulnerability that is exploited on the website could expose the accounting service.

Question

An enterprise's Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise's growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise's website. Which of the following should the CISO be MOST concerned about?

Options

  • A. Poor capacity planning could cause an oversubscribed host, leading to poor performance on
  • B. A security vulnerability that is exploited on the website could expose the accounting service.
  • C. Transferring as many services as possible to a CSP could free up resources.
  • D. The CTO does not have the budget available to purchase required resources and manage

Explanation

When two services with different security trust levels share the same virtual platform (co-location), a compromise of one can lead to lateral movement or hypervisor-level attacks that expose the other. The accounting service holds sensitive financial data, and hosting it alongside a public-facing website means a successful exploit on the website (e.g., RCE, VM escape) could pivot directly to the accounting service. This security boundary violation is the CISO's primary concern. Option A describes a capacity/performance problem, not a security issue. Option C is a strategic recommendation, not a concern. Option D is a budget/management issue outside the CISO's immediate purview.

