A security administrator needs to implement a security solution that will
* Limit the attack surface in case of an incident
* Improve access control for external and internal network security.
* Improve performance with less congestion on network traffic
Which of the following should the security administrator do?
Updating firewall rules to match new IP addresses in use will help to limit the attack surface in case of an incident by ensuring only legitimate traffic is allowed. It can also improve access control for external and internal network security by ensuring that only authorized entities can access certain resources, and may improve network performance by reducing unnecessary traffic (less congestion).
A technician accidentally deleted the secret key that was corresponding to the public key pinned to a busy online magazine. To remedy the situation, the technician obtained a new certificate with a different key. However, paying subscribers were locked out of the website until the key-pinning policy expired. Which of the following alternatives should the technician adopt to prevent a similar issue in the future?
Certificate Authority Authorization (CAA) is not listed directly in the provided options, but it is a relevant mechanism in the context of managing certificates and preventing issues similar to the one described. However, based on the available choices, the Online Certificate Status Protocol (OCSP) comes closest to providing a viable solution. OCSP allows for real-time validation of a certificate's revocation status, which could mitigate the issue of users being locked out due to key pinning policies. It is a more modern and efficient alternative to Certificate Revocation Lists (CRLs), offering faster and more reliable certificate status checks. By implementing OCSP, the technician could ensure that clients receive timely updates on the revocation status of certificates, potentially avoiding the downtime caused by the key-pinning policy awaiting expiration.
Which of the following should an organization implement to prevent unauthorized API key sharing?
An API gateway is a management tool that sits between a client and a collection of backend services. It acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result. API gateways can enforce policies such as rate limiting and authentication to prevent unauthorized access, making it an effective solution to prevent unauthorized API key sharing. By managing APIs at the gateway level, organizations can ensure that API keys are used as intended and are not shared or misused, addressing the need for secure management of API keys.
The security analyst discovers a new device on the company's dedicated loT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the loT subnet. Which of the following should the security analyst recommend to securely operate the camera?
To securely operate the camera, the security analyst should recommend hardening the camera configuration. This involves several steps:
Changing Default Credentials: Default usernames and passwords are a common vulnerability. They should be replaced with strong, unique passwords.
Disabling Unnecessary Services and Ports: The numerous open ports and insecure protocols should be reviewed, and any unnecessary services should be disabled to reduce the attack surface.
Firmware Updates: Ensuring the camera's firmware is up to date will mitigate known vulnerabilities.
Enable Encryption: If possible, enable encryption for both data in transit and at rest to protect the video stream and other communications from interception.
This approach addresses the identified vulnerabilities directly and ensures that the device is more secure. Simply sending logs to the SIEM or isolating the camera might not fully mitigate the risks associated with default settings and open ports.
CompTIA CASP+ CAS-004 Exam Objectives: Section 2.4: Implement security activities across the technology life cycle.
CompTIA CASP+ Study Guide, Chapter 5: Implementing Host Security.
An IDS was unable to detect malicious network traffic during a recent security incident, even though all traffic was being sent using HTTPS. As a result, a website used by employees was compromised. Which of the following detection mechanisms would allow the IDS to detect an attack like this one in the future?
An inspection proxy, also known as an SSL/TLS inspection proxy, can decrypt HTTPS traffic, allowing the IDS to analyze the content for malicious activity. This method ensures that encrypted traffic can be inspected without compromising the security of the data in transit. The inspection proxy will re-encrypt the data before sending it on to its destination, maintaining the confidentiality of the communication while enabling security tools to perform their functions.
CompTIA CASP+ CAS-004 Exam Objectives: Section 3.3: Integrate network and security components and implement security controls.
CompTIA CASP+ Study Guide, Chapter 7: Analyzing Security Incidents.
Ramonita
4 days agoLai
15 days agoGlenna
17 days agoRolf
19 days agoTwanna
1 months agoLelia
1 months agoKeva
1 months agoErasmo
2 months agoAmie
3 months agoMike
4 months agoJody
4 months agoOdelia
4 months ago