Given the following information about a company’s internal network:
User IP space: 192.168.1.0/24
Server IP space: 192.168.192.0/25
A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified.
Which of the following should the engineer do?
A. Use a protocol analyzer on 192.168.1.0/24
B. Use a port scanner on 192.168.1.0/24
C. Use an HTTP interceptor on 192.168.1.0/24
D. Use a port scanner on 192.168.192.0/25
E. Use a protocol analyzer on 192.168.192.0/25
F. Use an HTTP interceptor on 192.168.192.0/25
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
B
A and B
The basic question is whether a web server exists outside of 192.160.192.0/25. So any rogues are either on the workstations or external to the network. A protocol analyzer and port scan would tells us if our workstations are acting as web servers. When I first read the question, I thought they were looking outside the network and I leaned toward HTTP intercept and a protocol analyzer on the workstations. But I think that the question is looking at the internal workstations as potential web servers.
AB
View the traffic to look for http requests to 192.168.1.0/24
Scan for ports 80 & 443 on 192.168.1.0/24
A and E ?
I don’t think a port scanner would be useful here. That eliminates two for me. I ultimately went with F and E. I am not 100% if they should be ran on the Server IP space but I will take my chances.
Any feedback would be great.
I would go with port scanner (B) because they want to identify these rogue websites that are hosted OUTSIDE the server space. For example, when you want to determine what ports a system have open you can use a tool such as nmap to scan a subnet for open ports. If systems are returning port 80,443 open then chances are they are acting as web servers.
An interceptor would only be valid here if they know where the sites are and wanted to test the sites for vulnerabilities. For example, BurpSuite can scan a website for vulnerabilities and allow the user to change some of the data being submitted to the server because it is a proxy.
AB
any thoughts?