Which of the following tools should be used?

– by 12

A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.
Which of the following tools should be used? (Choose two.)
A. Fuzzer
B. SCAP scanner
C. Packet analyzer
D. Password cracker
E. Network enumerator
F. SIEM

How to PASS CAS-004 in First Attempt?

FULL Printable PDF and Software. VALID exam to help you PASS.
comptia-exams

12 thoughts on “Which of the following tools should be used?

  1. BF
    I like the explanation provided by StudyB but CompTIA includes Compliance as 1 of the 8 primary SIEM functions:
    “SIEM applications can be employed to automate the gathering of compliance data and produce reports that meet governance and auditing requirements.”

    Reply

  2. BE
    *Security Content Automation Protocol (SCAP) Scan is method for using known standards to run vulnerability and compliance scans. This allows the user to evaluate and secure their systems.
    *A network enumerator or network scanner is a computer program used to retrieve usernames and info on groups, shares, and services of networked computers.

    A. Fuzzer (testing with malformed data)
    B. SCAP scanner (yes, scan system for compliance)
    C. Packet analyzer (capture traffic for analysis)
    D. Password cracker (brute force cracking password)
    E. Network enumerator (yes, scan network equipment for info)
    F. SIEM (make sense of logs)

    1
    Reply

    1. SCAP scanner will show result of “complex password” implementation, or it would show no password requirement.

      Reply

  3. D. Password cracker
    E. Network enumerator

    Password cracker test password strength by guessing.
    Network enumerator shows what services are running on an insecure system.

    1
    1
    Reply

  6. SCAP scanner and SIEM officially drive me crazy BUT I have noticed with a few other questions SCAP scanner seems to be used for auditing and verifying if accounts are using strong credentials. Unless I am getting it wrong, I have gone over these again and again. Some of these questions, still have me questioning myself lol

    Reply

      1. A SIEM will not register or measure the strenght of password nor if the ports are open/closed.
        Agree with B and E.

        1
        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.