CV0-004試験無料問題集「CompTIA Cloud+ (2024) 認定」
A company hosts various containerized applications for business uses. A client reports that one of its routine business applications fails to load the web-based login prompt hosted in the company cloud.
INSTRUCTIONS
Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.
Web app 1
Web app 2
Web app 3
Web app 4
Client app
INSTRUCTIONS
Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.
Web app 1
Web app 2
Web app 3
Web app 4
Client app
正解:
The issue is with Web app 1 (Finance application).
From the WAF logs, we can see that requests to https://webapp1.comptia.org/FIN/login.html are being blocked (Rule ID 1006). The rule is configured to block access to the finance application's login page. This corresponds to the reported issue of the web-based login prompt not loading.
To remediate the issue, the WAF configuration for Rule ID 1006 should be changed from "Block" to "Allow". This will enable the web-based login prompt to load for the client.
Additionally, the client app configuration indicates that the client laptop (IP 192.168.10.142) is trying to access the service, and the WAF logs show that requests from this IP are being blocked due to the current rule set. Changing the action for Rule ID 1006 will also ensure that legitimate attempts to access the login page from this IP are not blocked.
Steps for remediation:
Go to the WAF configuration.
Find Rule ID 1006 for the Finance application 1.
Change the action from "Block" to "Allow".
Save the changes.
Reference:
Web application firewall (WAF) configurations typically include rules that define which traffic should be allowed or blocked. Blocking legitimate traffic to login pages can prevent users from accessing the application, which seems to be the case here.
Client application configurations and WAF logs provide valuable insights into the source of the traffic and the rules that are affecting it. It's important to ensure that the rules align with the intended access policies for the application.
From the WAF logs, we can see that requests to https://webapp1.comptia.org/FIN/login.html are being blocked (Rule ID 1006). The rule is configured to block access to the finance application's login page. This corresponds to the reported issue of the web-based login prompt not loading.
To remediate the issue, the WAF configuration for Rule ID 1006 should be changed from "Block" to "Allow". This will enable the web-based login prompt to load for the client.
Additionally, the client app configuration indicates that the client laptop (IP 192.168.10.142) is trying to access the service, and the WAF logs show that requests from this IP are being blocked due to the current rule set. Changing the action for Rule ID 1006 will also ensure that legitimate attempts to access the login page from this IP are not blocked.
Steps for remediation:
Go to the WAF configuration.
Find Rule ID 1006 for the Finance application 1.
Change the action from "Block" to "Allow".
Save the changes.
Reference:
Web application firewall (WAF) configurations typically include rules that define which traffic should be allowed or blocked. Blocking legitimate traffic to login pages can prevent users from accessing the application, which seems to be the case here.
Client application configurations and WAF logs provide valuable insights into the source of the traffic and the rules that are affecting it. It's important to ensure that the rules align with the intended access policies for the application.
A group of cloud administrators frequently uses the same deployment template to recreate a cloud-based development environment. The administrators are unable to go back and review the history of changes they have made to the template. Which of the following cloud resource deployment concepts should the administrator start using?
正解:A
解答を投票する
Two CVEs are discovered on servers in the company's public cloud virtual network. The CVEs are listed as having an attack vector value of network and CVSS score of 9.0. Which of the following actions would be the best way to mitigate the vulnerabilities?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
An administrator received a report that company data has been compromised. The compromise occurred on a holiday, and no one in the organization was working. While reviewing the logs from the holiday, the administrator noted the following details:
The most appropriate action for the cloud security analyst to recommend is using CIS-hardened images. These images are pre-configured by the Center for Internet Security to provide security benchmark standards that help in mitigating vulnerabilities in publicly available container images. Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Cloud Security Posture Which of the following accounts should the administrator disable to prevent a further breach?
The most appropriate action for the cloud security analyst to recommend is using CIS-hardened images. These images are pre-configured by the Center for Internet Security to provide security benchmark standards that help in mitigating vulnerabilities in publicly available container images. Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Cloud Security Posture Which of the following accounts should the administrator disable to prevent a further breach?
正解:C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
An organization's security policy states that software applications should not exchange sensitive data in cleartext. The security analyst is concerned about a software application that uses Base64 to encode credit card dat a. Which of the following would be the best algorithm to replace Base64?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)