Exam CAS-003 topic 1 question 17 discussion

Pretty sure is C

Guess E. A not because the statement says not. B neither is a vulnerability from a shipping software. D also not, because there is nothing about mail or related from the question. So we get two. Lets see C application firewall is a layer 7 (OSI). So the application firewall controls network access to, from or by an application or service with policies and etc. but the question says «A penetration test (<- key one)...web server has a major vulnerability (<-key tow)...» does not say, that the shipping software has the vulnerability, so the firewall does not helps to mitigate the issue as the HIDS does. HIDS . It is a software that has functions of monitoring, and detect a suspicious activity in a host including intrusions and inappropriate use of resources , data , etc. From the comptia study guide chapter 6. implementing security controls for hosts we can found other ways to secure.

Not an easy one either. First I agreed with you on C but then I could remember that on a performance based question I had a similar setup like this and I know it was HIDS. So I did a little research and came across this: Host IDS is installed on servers and is more focused on analyzing the specific operating system and "application functionality" residing on the HIDS host. Application => Webserver HIDS are often critical in detecting internal attacks directed towards an organization’s servers such as DNS, mail, and web servers. So they are correct with their answer E. HIDS

Going with C.

Definitely C. HIDS won’t “secure” the server. It will help detect an attack but not prevent it. A well tuned WAF is the clear answer.

theanswer is c

Its definitely not HIDS, a HIDS detects and doesn't necessarily make anything more "secure". Firewall & Patch management appear to be the most practical answers. Patch Management in the real world seems to be the right answer. Thats why we have the NESSUS scanner to detect vulnerabilities and then we Patch, which is essentially putting a band aid on an issue until there is a long-term solution as the question stated.

Without knowing the vulnerability, or what would fix it, I doubt it's possible to objectively answer the question. The question is unfair, as comptia questions often are. Since the question is specifically about a web application, I think my best guess would be web application firewall.

HIDS. A WAF is a reasonable solution, however the question states the need for high availability of the application, and WAFs may inadvertently cause an outage due to potential false-positives. A HIDS would add a detective control to the hosting server and not impact the application per se because it isn't inline with the traffic, which a WAF would be inline

Patch management

C. Application Firewall, a type of WAF in my opinion should protect the web server.