A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company’s objectives? (Select two.)
A. Integrated platform management interfaces are configured to allow access only via SSH
B. Access to hardware platforms is restricted to the systems administrator’s IP address
C. Access is captured in event logs that include source address, time stamp, and outcome
D. The IP addresses of server management interfaces are located within the company’s extranet
E. Access is limited to interactive logins on the VDi
F. Application logs are hashed cryptographically and sent to the SIEM
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
C and E.
E is for business agility and operation continuity.
C. for audit trails.
https://anexinet.com/blog/vdi-increases-operational-agility/
https://www.dizzion.com/use-cases/disaster-recovery
A & C
Regarding A versus B:
“For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust…”
Limiting access to the administrator’s IP is a single point of failure. Restricting access to SSH allows use of PKIs, which can be tied to the account, and not a machine. X11 forwarding and display-back can allow non-command line operations.
BC – The requirements are:
1)remote access to all hardware platforms must be available at all times.
2)Access controls need to be very robust and provide an audit trail.
A. platform management allow access only via SSH (maybe, works but limited to SSH command line. Some gui function and web management app not available.)
B. Access platforms is restricted to administrator’s IP (yes, admin would have access as if on premise.)
C. Access is captured in event logs that include source address, time stamp, and outcome (yes, undoubtedly)
D. The IP addresses of server management interfaces are located within the company’s extranet (maybe, but option B is better. Beside extranet is on the edge of network… good idea or no…)
E. Access is limited to interactive logins on the VDi (maybe, but it does not meet the “available at all time.” what if vdi was down?)
F. Application logs are hashed cryptographically and sent to the SIEM (No, a good practice, but irrelevant here.)
AC – A provides OOBM. C – logs access.
I would go with B and C.
I agree with you, B seems a more robust control, available at all times, bypassing the VDI structure.
And obviosusly C.
C, E – All events must be logged and access should not bypass security appliances on the virtual network through direct connect SSH session.
A and C