
Exam CAS-004 topic 1 question 619 discussion

Actual exam question from CompTIA's CAS-004
Question #: 619
Topic #: 1

An application server has outdated protocols enabled and is in violation of the company's written security policy and standards. The outdated protocols are required for compatibility with client-owned systems. The client is unable to update systems at this time. The following compensating controls have been implemented to reduce the amount of risk created by the protocol use:

• A FIM agent has been installed and configured on the server.
• EDR protection has been deployed to the server.
• The server has been moved behind a next-generation firewall.

Which of the following should be done next?

  • A. Document the outdated protocol use and compensating controls as an exception to the security policy.
  • B. Set a target date for the internal team to disable the outdated protocols that are in violation of the security policy.
  • C. Revise the security policy to allow the use of outdated protocols when required for compatibility with client systems.
  • D. Require the application owner to sign an agreement taking responsibility for the risk involved with using outdated protocols.
Suggested Answer: A

Comments

Steel16
5 days, 19 hours ago
Selected Answer: A
• Documentation: By documenting the use of outdated protocols and the compensating controls, you create a formal record that acknowledges the deviation from the security policy. This ensures transparency and accountability.
• Exception Management: This approach allows the organization to manage exceptions to the security policy in a controlled manner, ensuring that all stakeholders are aware of the risks and the measures in place to mitigate them.
• Compliance: Proper documentation helps in maintaining compliance with internal and external audits, demonstrating that the organization is aware of the risks and has taken steps to address them.
upvoted 1 times
Steel16
5 days, 19 hours ago
• Set a Target Date (Option B): While it's important to plan for future updates, the client is currently unable to update their systems, so this may not be feasible right now.
• Revise the Security Policy (Option C): Changing the policy to allow outdated protocols could weaken overall security standards and set a precedent for other exceptions.
• Require Application Owner Agreement (Option D): This can be part of the documentation process but doesn't address the need for a formal exception process.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%)