Exam CAS-004 topic 1 question 354 discussion

Actual exam question from CompTIA's CAS-004
Question #: 354
Topic #: 1

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

  • A. Input validation
  • B. Firewall
  • C. WAF
  • D. DLP
Suggested Answer: A

Comments

e4af987
7 months, 1 week ago
Selected Answer: C
Just going with Gemini's reasoning... The Vulnerability: The web application appears to be vulnerable to unauthorized access of files through the get-files.jsp script.
upvoted 1 times
...
YUYUY
9 months, 2 weeks ago
Selected Answer: A
This is a typical CompTIA question where there are multiple right answers. WAFs oftentimes have input validation built-in. This would solve the problem and defend against a lot more web-based attacks.
upvoted 1 times
...
Anarckii
10 months, 1 week ago
Selected Answer: A
Input validation would mitigate the vulnerability by making sure the information is not able to get exfiltrated. To protect against this, a WAF would be the next best choice.
upvoted 2 times
...
weaponxcel
1 year ago
Selected Answer: A
A. Input validation. Input validation is the process of checking user input to ensure that it is valid and safe. In this case, the security engineer should recommend that the web application validate the file parameter to ensure that it is a valid "file" path. This will prevent attackers from being able to exfiltrate arbitrary files from the web server.
upvoted 1 times
...
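An added example (not from the exam page or any commenter) of the `file` parameter validation discussed in these answers, for an endpoint like get-files.jsp: the name is checked against an allow-list pattern, then resolved to its canonical path and confirmed to lie inside the download directory. The class name, the `downloads` directory, the allowed extensions and the sample file names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Optional;
import java.util.regex.Pattern;

public class FileParamValidator {
    // Assumption: downloadable files have simple names and one of three extensions.
    private static final Pattern SAFE_NAME =
        Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,63}\\.(pdf|txt|csv)");

    private final Path baseDir;

    public FileParamValidator(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical form, symlinks resolved
    }

    /** Returns the file to serve, or empty if the parameter must be rejected. */
    public Optional<Path> resolve(String fileParam) {
        if (fileParam == null || !SAFE_NAME.matcher(fileParam).matches()) {
            return Optional.empty(); // allow-list failed: separators, "..", other types
        }
        try {
            Path real = baseDir.resolve(fileParam).toRealPath();
            // Defence in depth: the canonical path must still be inside baseDir.
            if (real.startsWith(baseDir) && Files.isRegularFile(real)) {
                return Optional.of(real);
            }
        } catch (IOException | InvalidPathException e) {
            // Missing file or unusable path: treat as rejected.
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: one public file, one internal file outside the download root.
        Path root = Files.createTempDirectory("demo");
        Path downloads = Files.createDirectory(root.resolve("downloads"));
        Files.writeString(downloads.resolve("manual.pdf"), "public");
        Files.writeString(root.resolve("report.pdf"), "internal");

        FileParamValidator v = new FileParamValidator(downloads);
        for (String p : new String[] {"manual.pdf", "../report.pdf",
                                      "sub/manual.pdf", "manual.pdf%00.txt", "missing.pdf"}) {
            System.out.println(p + " -> " + (v.resolve(p).isPresent() ? "serve" : "reject"));
        }
    }
}
```

Validation of this kind only constrains which paths can be requested; whether the requesting user is permitted to read a given file is a separate authorization check.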
32d799a
1 year ago
Selected Answer: A
A. Input validation would be the BEST mitigation technique to recommend. Input validation would ensure that users can only access files they are permitted to access, directly addressing the root cause of the vulnerability.
upvoted 1 times
...
CXSSP
1 year, 1 month ago
Selected Answer: A
A. input validation
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted