DRAG DROP
A security administrator must configure the database server shown below the comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.
Select and Place:
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Can someone explain to me why everywhere else has #4 as:
Deny TCP from 10.0.10.20/24 to ANY
Wouldn’t you want to block both UDP and TCP outbound connections? Since it’s defining the specific NIC port wouldn’t the /24 on the end be redundant?
Thanks!
I took my test the other day and passed. Thankfully I did not see this lab. On top of the same 3 labs I had on my first attempt there were 2 additional new labs that I have not seen on any of the question banks or anywhere online. One showed NMAP results and instructed you to determine what kind of servers they were based off the open ports and which ports should be closed on them to prevent vulnerabilities. The other lab showed vulnerability scan results and instructed you to pick out which servers in the diagram the vulnerabilities came from and how to correct them.
Even though I had the latest updated question bank from PassLeader with 607 questions I only saw maybe 35%-40% of the questions from the bank on the actual test. It appears that there has been an update to the test since my first attempt in July 2020 and the online sources for the questions have not caught up yet.
I would go with this:
permit tcp from 10.100.0.0/24>172.16.0.20/32 3389
permit tcp from 10.10.10.0/25>192.168.1.20/24 1433
permit ip 172.30.10.3 > 192.168.1.20
deny tcp from 10.0.10.20/24 to any
In statement 1 – I went with the /32 option – not remembering the port number, but /32 is most specific
In statement 2, has to go from 10.10.10.0 network to 192.168.1.20 address – this is the only one
in statement 3 – straight forward – only IP space given that’s close
in statement 4 – it’s hoaky, but that’s what satisfies the question
For me some of the statements, did not make sense but here is what I got
1. Permit TCP from 10.100.2.0/24 to 173.16.0.20/32 port 3389
I questioned the other option ‘ Permit TCP from 10.100.2.0/24 to 173.16.0.20/24 port 1434’ but mySQL monitoring doesn’t make sense to me.
2. Permit TCP from 10.10.10.0/25 to 172.16.0.20/32 port 1434
I just guessed with my fingers crossed
3. Permit IP from 172.30.10.3 to 192.168.1.20
I still questioned the other option ‘Permit UDP from 192.168.1.20 to 172.30.10.3’
4. Deny tcp from 10.0.10.20/24 to any
can someone please explain if its correct?
it’s wrong,
send your email and I can explain
For me some of the statements, did not make sense but here is what I got:
1 Permit TCP from 10.100.2.0/24 to 173.16.0.20/32 port 3389
2 Permit TCP from 10.10.10.0/25 to 172.16.0.20/32 port 1434
3 Permit IP from 172.30.10.3 to 192.168.1.20
4 Deny tcp from 10.0.10.20/24 to any
it’s a buggy sim, port 1434 doesnt even show in the SIM