CompTIA Updated CAS-004 Exam Questions and Answers by aubree

A risk associated with SDN is the expanded attack surface that it introduces. SDN is a network architecture that decouples the control plane from the data plane, allowing centralized and programmable management of network devices and traffic. However, this also exposes new attack vectors and vulnerabilities that can compromise the security and performance of the network. For example, an attacker can target the SDN controller, which is the core component that communicates with and controls the network devices. A successful attack on the SDN controller can result in denial of service, unauthorized access, data leakage, or network hijacking. An attacker can also exploit the communication channels between the SDN controller and the network devices, such as the OpenFlow protocol, to intercept, modify, or inject malicious messages or commands. Additionally, an attacker can leverage malicious or compromised applications that run on top of the SDN controller to manipulate or disrupt the network behavior. Verified References:

• https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/benefits-and-the-security-risk-of-software-defined-networking
• https://link.springer.com/article/10.1007/s40860-022-00171-8

SD-WAN (Software-Defined Wide Area Network) is a technology that allows organizations to use multiple, low-cost Internet connections to create a secure and dynamic WAN. SD-WAN can provide benefits such as lower costs, higher performance, and easier management compared to traditional WAN technologies, such as MPLS (Multiprotocol Label Switching).

However, SD-WAN also introduces some potential risks, such as:

• The reliability and security of the Internet connections, which may vary depending on the location, provider, and traffic conditions.
• The compatibility and interoperability of the SD-WAN hardware and software, which may come from different vendors or use different standards.
• The availability and quality of the SD-WAN provider’s support, which may depend on the provider’s size, reputation, and outsourcing practices.

In this case, the CISO would most likely identify the risk that the SD-WAN provider uses a third party for support, because this could:

• Affect the organization’s ability to resolve issues or request changes in a timely and effective manner.
• Expose the organization’s network data and configuration to unauthorized or malicious parties.
• Increase the complexity and uncertainty of the SD-WAN service level agreement (SLA) and contract terms.

The security analyst acknowledges this alert because it is a false positive. A false positive is an event classification that indicates a benign or normal activity is mistakenly flagged as malicious or suspicious by the SIEM system. A false positive can occur due to misconfigured rules, outdated signatures, or faulty algorithms. A false positive can waste the security analyst’s time and resources, so it is important to acknowledge and dismiss it after verifying that it is not a real threat. Verified References:

• https://www.ibm.com/topics/siem
• https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
• https://www.splunk.com/en_us/data-insider/what-is-siem.html

Configuring user settings in Group Policy is the best way for an administrator to implement the decision to restrict PowerShell access to only administrators. Group Policy is a feature of Windows that allows administrators to manage and enforce settings for users and computers in a domain. By using Group Policy, an administrator can create a policy that blocks or disables PowerShell for all users except for a particular group, such as administrators. This policy can be applied to all computers in the domain or to specific organizational units. This method is more effective and manageable than uninstalling PowerShell, monitoring event logs, providing user education, or blocking PowerShell via HIDS. Verified References:

• https://www.windowscentral.com/how-disable-powershell-windows-10
• https://learn.microsoft.com/en-us/answers/questions/195218/how-to-restrict-powershell-for-all-users-except-fo
• https://windowsloop.com/block-disable-powershell/