A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.
Below is a snippet from the firewall related to that server (access is provided in a top-down model):
Which of the following lines should be configured to allow the proper access? (Choose two.)’
A. Move line 3 below line 4 and change port 80 to 443 on line 4.
B. Move line 3 below line 4 and add port 443 to line.
C. Move line 4 below line 5 and add port 80 to 8080 on line 2.
D. Add port 22 to line 2.
E. Add port 22 to line 5.
F. Add port 443 to line 2.
G. Add port 443 to line 5.
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
AF
A. Move line 3 below line 4 and change port 80 to 443 on line 4. (first change line 4 port 80 to 443. Now line 4 makes sense. Then move line 3 below line 4… or better yet, move line 3 below line 5)
B. Move line 3 below line 4 and add port 443 to line. (no. it would be good, if it reads add port 443 to line 4, but it’s ambiguous… add port to line 3 or 4?)
C. Move line 4 below line 5 and add port 80 to 8080 on line 2. (no, does not make sense)
D. Add port 22 to line 2. (no, don’t need ssh here)
E. Add port 22 to line 5. (no, don’t need ssh here)
F. Add port 443 to line 2. (yes, just what’s needed)
G. Add port 443 to line 5. (no, not needed)
I would choose – A F
Kind of wonky — Actually need to move line 3 below line 5 to get the deny any any at the bottom. OPTION A also edits line 4 to meet the first requirement – Restrict vendor IP to https (443) and ssh (22) – Option B is ambiguous
Option F adds SSH to line 2 – Which allows “internal users” to access the server subnet via HTTPS or HTTP