nerdexam
ExamsCAS-005Questions#130
CompTIACompTIA

CAS-005 · Question #130

CAS-005 Question #130: Real Exam Question with Answer & Explanation

The correct answer applies the company's three hardening guidelines systematically to each discovered device: one primary service per device (the highest-security or most logical primary role), only default ports (flagging any non-standard ports like 8080 instead of 80/443), and

Submitted by skyler.x· Mar 6, 2026CompTIA Security+ Domain 4: Security Operations - specifically network hardening, vulnerability scanning interpretation, and identifying misconfigurations in network services to reduce attack surface per organizational security policies.

Question

SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network. The company's hardening guidelines indicate the following: - There should be one primary server or service per device. - Only default ports should be used. - Non-secure protocols should be disabled. INSTRUCTIONS Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information: - The IP address of the device - The primary server or service of the device (Note that each IP should by associated with one service/port only) - The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines) If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Answer: 10.1.45.65 SFTP Server Disable 8080 10.1.45.66 Email Server Disable 415 and 443 10.1.45.67 Web Server Disable 21, 80 10.1.45.68 UTM Appliance Disable 21

Options

  • taskInterpret the Nmap scan output from the company's privileged network according to hardening guidelines to identify network devices, their roles, and open ports to be closed. For each identified device, add an entry to the 'Devices Discovered' list with its IP address, primary server/service role, and specified protocols/ports to disable.
  • prerequisites

Explanation

The correct answer applies the company's three hardening guidelines systematically to each discovered device: one primary service per device (the highest-security or most logical primary role), only default ports (flagging any non-standard ports like 8080 instead of 80/443), and disabling non-secure protocols (such as FTP in favor of SFTP, Telnet in favor of SSH, HTTP in favor of HTTPS). For 10.1.45.65, SFTP is the secure file transfer service on its default port, making it the primary role, while port 8080 (non-default HTTP alternative) violates the default-ports guideline and must be closed. For 10.1.45.66, the email server designation reflects the primary mail service running, with non-secure email protocols (e.g., plain SMTP port 25 or POP3 port 110 without encryption) identified for disabling per the non-secure protocol guideline.

Topics

#Nmap Network Scanning#Network Hardening#Port Security#Secure vs Non-Secure Protocols

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-005 PracticeBrowse All CAS-005 Questions