Exam CAS-004 topic 1 question 640 discussion

Actual exam question from CompTIA's CAS-004
Question #: 640
Topic #: 1

A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found. Which of the following describes what happened and how to fix it?

  • A. A downgrade attack occurred. Any use of old, outdated software should be disallowed.
  • B. The attacker obtained the systems' private keys. New key pairs must be generated.
  • C. Malware is present on the client machine. A full OS needs to be reinstalled.
  • D. The user fell for a phishing attack. The end user must attend security training.
Suggested Answer: B

Comments

0e4eff2
2 months, 1 week ago
Selected Answer: A
A downgrade attack likely exploited the outdated OpenSSL version, allowing the attacker to bypass secure encryption and impersonate the user. Upgrading to a secure version of OpenSSL and disabling older versions is critical.
upvoted 1 times
Steel16
3 months, 2 weeks ago
Selected Answer: A
A downgrade attack exploits vulnerabilities in older versions of software, such as OpenSSL, to force a system to use a less secure version. This can allow attackers to intercept or manipulate data. To fix this issue, the outdated software should be updated to the latest, secure version to prevent such attacks. This option directly addresses the identified vulnerability in the outdated OpenSSL version, making it the most relevant and effective solution.
upvoted 2 times
Steel16
3 months, 2 weeks ago
B. The attacker obtained the systems' private keys. New key pairs must be generated: If the attacker had obtained the private keys, it would likely result in broader unauthorized access and more suspicious log-ins. The scenario only mentions unauthorized logins after hours, which suggests a more targeted attack rather than a widespread compromise of private keys.
upvoted 1 times
Bright07
3 months, 3 weeks ago
Selected Answer: B
The correct answer is B. The attacker obtained the systems' private keys. New key pairs must be generated. The fact that the web server was running an outdated version of OpenSSL is a significant clue. OpenSSL vulnerabilities, such as those discovered in Heartbleed (CVE-2014-0160), can allow attackers to access private keys used for encrypting communications. If an attacker can access the private keys, they can potentially decrypt traffic or impersonate the server, leading to unauthorized access to systems, as seen in this case with logins after normal business hours. Since the user confirms that the log-ins after hours were unauthorized, it suggests that an attacker may have gained access to the private keys through a vulnerability in the outdated OpenSSL version, allowing them to log in with the compromised credentials. This means new key pairs must be generated to secure the system and prevent further unauthorized access.
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other