Exam CAS-004 topic 1 question 387 discussion

Actual exam question from CompTIA's CAS-004
Question #: 387
Topic #: 1

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.



Which of the following should the company do NEXT to mitigate the risk of a compromise from these attacks?

  • A. Restrict HTTP methods.
  • B. Perform parameterized queries.
  • C. Implement input sanitization.
  • D. Validate content types.
Suggested Answer: C

Comments

e020fdc
Highly Voted 8 months, 3 weeks ago
Selected Answer: C
When in doubt, sanitize your inputs
upvoted 5 times
...
041ba31
Most Recent 5 months, 1 week ago
Selected Answer: C
The best answer is C. Implement input sanitization. The logs indicate that there are potential SQL injection and cross-site scripting (XSS) attempts being made via URL parameters. Implementing input sanitization will help mitigate these types of attacks by ensuring that user input is properly validated and sanitized before being processed by the application.
upvoted 2 times
...
ElDirec
9 months ago
Selected Answer: C
The company should C. Implement input sanitization next to mitigate the risk of a compromise from these attacks. The logs show a POST request where user input is being included in the feedback parameter. The presence of <script> in the input suggests that an attacker may be attempting a Cross-Site Scripting (XSS) attack. Input sanitization can help prevent such attacks by ensuring that any user-supplied input is properly cleaned and encoded before it is used or displayed, thereby preventing it from being interpreted as malicious code. While the other options (Restrict HTTP methods, Perform parameterized queries, Validate content types) can provide some level of security, they do not directly address the specific issue shown in the logs.
upvoted 3 times
...
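An added example (not part of the original thread or the exam material) of what the input sanitization described in the comments above can look like for a form-encoded `feedback` field: normalize and validate on input, then HTML-encode on output. The request bodies, the length limit and the function names are constructed for illustration.

```python
import html
import re
import unicodedata
from urllib.parse import parse_qs

MAX_FEEDBACK_LEN = 500  # assumed application limit, not from the page
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

# Constructed sample bodies for a form-encoded POST to a feedback endpoint.
SAMPLE_SCRIPT = "feedback=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
SAMPLE_FULLWIDTH = "feedback=%EF%BC%9Cscript%EF%BC%9E"  # fullwidth < and >
SAMPLE_ATTR = "feedback=%22+onmouseover%3D%22x"


def parse_feedback(body: str) -> str:
    """Input side: extract, normalize and validate the feedback field."""
    values = parse_qs(body, keep_blank_values=True).get("feedback", [])
    if len(values) != 1:
        # Reject missing or duplicated parameters instead of picking one.
        raise ValueError("expected exactly one feedback parameter")
    # Fold compatibility forms (e.g. fullwidth brackets) to ASCII first, so
    # a downstream component that normalizes text cannot turn them into
    # markup after encoding has already happened.
    text = unicodedata.normalize("NFKC", values[0])
    text = CONTROL_CHARS.sub("", text).strip()
    if not text or len(text) > MAX_FEEDBACK_LEN:
        raise ValueError("feedback is empty or too long")
    return text


def render_unsafe(text: str) -> str:
    """Before: user text is concatenated into markup as-is."""
    return '<p class="feedback">' + text + "</p>"


def render_safe(text: str) -> str:
    """After: encode for the HTML context at the point of output."""
    return '<p class="feedback">' + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    for body in (SAMPLE_SCRIPT, SAMPLE_FULLWIDTH, SAMPLE_ATTR):
        text = parse_feedback(body)
        print("unsafe:", render_unsafe(text))
        print("safe:  ", render_safe(text))
```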
nuel_12
11 months, 3 weeks ago
Selected Answer: C
C. Implement input sanitization
upvoted 4 times
...