Exam CAS-004 topic 1 question 90 discussion

Actual exam question from CompTIA's CAS-004
Question #: 90
Topic #: 1

SIMULATION -
You are a security analyst tasked with interpreting an Nmap scan output from the company's privileged network.
The company's hardening guidelines indicate the following:
✑ There should be one primary server or service per device.
✑ Only default ports should be used.
✑ Non-secure protocols should be disabled.

INSTRUCTIONS -
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
✑ The IP address of the device
✑ The primary server or service of the device (Note that each IP should be associated with one service/port only)
✑ The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Suggested Answer: See explanation below.
IP address    Primary server/service    Ports to disable
10.1.45.65    SFTP Server               8080
10.1.45.66    Email Server              415, 443
10.1.45.67    Web Server                21, 80
10.1.45.68    UTM Appliance             21
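The procedure the question asks for, carried out in code, as an added example that is not part of the exam question, the suggested answer or the site's own material. The Nmap output of the simulation is an image that does not survive on this page, so the script embeds constructed Nmap normal-output text for the four hosts, made consistent with the suggested answer above and with the closed ports mentioned in the discussion; the service names, version strings and the "Device type: firewall" line are assumptions, not the real scan. Role and primary-port assignment is the analyst's judgement and is passed in as ROLES; the script then applies the three hardening guidelines to every other open port and names the guideline each one breaks, which makes explicit why 443 on the email server is listed (one service per device) while 443 on the web server is not.

```python
import re
from typing import NamedTuple

Port = NamedTuple("Port", [("port", int), ("state", str), ("service", str)])
Finding = NamedTuple("Finding", [("port", int), ("service", str), ("reasons", tuple)])

# Nmap service names that denote a plaintext protocol; Nmap prefixes "ssl/"
# when the port answered with TLS, and those are treated as secure.
PLAINTEXT = {"ftp", "telnet", "http", "http-proxy", "smtp", "pop3", "imap"}

# Default ports per base service name (assumed for this scenario).  A name not
# in the table, such as "unknown" or "http-proxy" on 8080, has no default port.
DEFAULT_PORTS = {
    "ftp": {21}, "ssh": {22}, "telnet": {23}, "smtp": {25, 465, 587},
    "http": {80, 443}, "pop3": {110, 995}, "imap": {143, 993},
}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?")
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(open|closed|filtered|open\|filtered)\s+(\S+)")

# CONSTRUCTED sample in Nmap normal-output style, not the scan from the exam.
SCAN = """\
Nmap scan report for 10.1.45.65
PORT     STATE  SERVICE    VERSION
21/tcp   closed ftp
22/tcp   open   ssh        OpenSSH 8.2 (protocol 2.0)
8080/tcp open   http-proxy

Nmap scan report for 10.1.45.66
PORT    STATE SERVICE  VERSION
415/tcp open  unknown
443/tcp open  ssl/http
587/tcp open  ssl/smtp Postfix smtpd

Nmap scan report for 10.1.45.67
PORT     STATE  SERVICE  VERSION
21/tcp   open   ftp      vsftpd 3.0.3
22/tcp   closed ssh
80/tcp   open   http     Apache httpd
443/tcp  open   ssl/http Apache httpd
6001/tcp closed X11:1

Nmap scan report for 10.1.45.68
PORT    STATE SERVICE  VERSION
21/tcp  open  ftp
443/tcp open  ssl/http
Device type: firewall
"""

# The analyst's role call per host, ip -> (role, primary port); not inferred here.
ROLES = {
    "10.1.45.65": ("SFTP server", 22),
    "10.1.45.66": ("Email server", 587),
    "10.1.45.67": ("Web server", 443),
    "10.1.45.68": ("UTM appliance", 443),
}

def base_name(service):
    # Strip Nmap's "ssl/" prefix so ssl/http and http share a default-port entry.
    return service[4:] if service.startswith("ssl/") else service

def parse_nmap(text):
    """Return {ip: [Port, ...]} from Nmap normal (-oN) output."""
    hosts, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = m.group(1)
            hosts[current] = []
        elif (m := PORT_RE.match(line)) and current is not None:
            hosts[current].append(Port(int(m.group(1)), m.group(2), m.group(3)))
    return hosts

def audit(hosts, roles):
    """Return {ip: (role, [Finding, ...])}: each open port other than the primary
    with the guideline(s) it breaks.  Closed/filtered ports are skipped."""
    report = {}
    for ip, ports in hosts.items():
        role, primary = roles[ip]
        open_ports = [p for p in ports if p.state == "open"]
        if primary not in {p.port for p in open_ports}:
            raise ValueError(f"{ip}: chosen primary port {primary} is not open")
        findings = []
        for p in open_ports:
            if p.port == primary:
                continue
            reasons = ["secondary service (one service per device)"]
            if p.port not in DEFAULT_PORTS.get(base_name(p.service), set()):
                reasons.append("non-default port")
            if not p.service.startswith("ssl/") and base_name(p.service) in PLAINTEXT:
                reasons.append("non-secure protocol")
            findings.append(Finding(p.port, p.service, tuple(reasons)))
        report[ip] = (role, sorted(findings))
    return report

def ports_to_disable(report):
    """Flatten to {ip: [ports]}, the shape the simulation's answer list uses."""
    return {ip: [f.port for f in findings] for ip, (_, findings) in report.items()}

if __name__ == "__main__":
    for ip, (role, findings) in audit(parse_nmap(SCAN), ROLES).items():
        print(ip, role, [f"{f.port}/{f.service}: {', '.join(f.reasons)}" for f in findings])
```

Closed and filtered ports are skipped, which matches how the suggested answer treats them; as the Nmap reference manual quoted in the thread notes, a closed port is still reachable and may open later, so firewalling those ports remains good practice even though the simulation does not ask for it. The ValueError guards against choosing a primary port that the scan does not actually show as open, a mistake that is easy to make when reading the role off a banner rather than the port table.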

Comments

IT_PAYS
Highly Voted 2 years ago
Is the answer provided correct?
10.1.45.65 SFTP Server Disable 8080
10.1.45.66 Email Server Disable 415 and 443
10.1.45.67 Web Server Disable 21, 80
10.1.45.68 UTM Appliance Disable 21
upvoted 13 times
ripper69
1 year, 10 months ago
Yes, one issue is that modern Exchange servers (Mail) use port 443 (secure default port) for incoming connections and disabling this might cause issues...
upvoted 8 times
ElDirec
Highly Voted 11 months, 4 weeks ago
Here are the devices discovered and their details based on the Nmap scan reports:
1. Device IP: 10.1.45.65 - SFTP Server
   Primary Service: SSH on port 22
   Protocol(s) to be disabled: HTTP on port 80 (non-secure protocol)
2. Device IP: 10.1.45.66 - Email Server
   Primary Service: SSL/SMTP on port 587
   Protocol(s) to be disabled: Port 415 (if it's not necessary for the email server's function, it should be closed to enhance security)
3. Device IP: 10.1.45.67 - Web Server
   Primary Service: SSL/HTTP on port 443
   Protocol(s) to be disabled: FTP on port 21 and HTTP on port 80 (both are non-secure protocols)
4. Device IP: 10.1.45.68 - UTM Appliance
   Primary Service: SSL/FTP-proxy on port 443
   Protocol(s) to be disabled: SSL/FTP-proxy on port 21 (if it's not necessary for the UTM's function, it should be closed to enhance security)
upvoted 7 times
Waltsthe
Most Recent 9 months, 2 weeks ago
I'd know this one.
upvoted 1 times
b49eb27
9 months, 3 weeks ago
For those asking why we don't disable those that are already closed: if you look at the .67 device, there are four protocols listed as closed that are not in the disabled protocols list. So I have decided not to list those that are already closed as ones that should also be disabled.
upvoted 2 times
aaronhardisonn
10 months, 2 weeks ago
How do we know what the primary ports are :/
upvoted 3 times
userguy890
11 months, 4 weeks ago
Why don't we disable the ports listed as closed? Nmap's own docs say they could open up. I had originally selected for closed ports to be disabled too, but everyone answered otherwise. It seems this is another CompTIA trick: "Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time."
upvoted 1 times
Delab202
1 year ago
10.1.45.65 SFTP Server Disable 8080
10.1.45.66 Email Server Disable 415 and 443
10.1.45.67 Web Server Disable 21, 80
10.1.45.68 UTM Appliance Disable 21
Answer is correct.
upvoted 6 times
Anarckii
1 year ago
10.1.45.65 - port 8080
10.1.45.66 - port 443, 415
10.1.45.67 - port 21, 80
10.1.45.68 - port 21
upvoted 1 times
wizwiz
1 year, 2 months ago
Why not disable the closed ports as well? Per Nmap: "A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next." Should we not disable all the protocols for closed ports as well? So ports 20, 22, 2001, 2047, 2196 and 6001 as well?
upvoted 1 times
tester27
7 months, 2 weeks ago
Those other ports you've mentioned are not in the selection, so this implies that it is not necessary.
upvoted 1 times
Anarckii
1 year, 1 month ago
No, because even though the state is closed, ping attacks and other traffic will just be rejected since the service is unavailable.
upvoted 1 times
weaponxcel
1 year, 3 months ago
Can someone explain why we close port 443 on 10.1.45.66?
upvoted 2 times
ThatGuyOverThere
1 year, 2 months ago
Because the instructions say each server will only use one port/service. Indicators suggest it is a mail server, so you would leave open 587 for secure SMTP rather than 443.
upvoted 6 times
peteymcspeedy
1 year, 3 months ago
Are all of them separate devices? Or does everything go under 10.1.45.66? I don't understand why 10.1.45.65 is under .66 in the solution pictured.
upvoted 1 times
ThatGuyOverThere
1 year, 2 months ago
There are four servers, each with its own output listed from Nmap telling you what ports are showing open (or some closed) for that server.
upvoted 2 times
imather
1 year, 6 months ago
Why precisely is 68 UTM? I'm guessing it's due to the SSL-VPN http proxy service and IPCop 2 firewall OS and it doesn't match any of the other provided options?
upvoted 3 times
imather
1 year, 5 months ago
Looking closer, device type is firewall, so UTM makes more sense.
upvoted 3 times
ThatGuyOverThere
1 year, 2 months ago
That and a UTM would probably proxy traffic to SSL decrypt and analyze everything.
upvoted 2 times