Exam CAS-004 topic 1 question 8 discussion

The Answer is B

CASP #1 answer I keep seeing over and over... Place a WAF inline. Provide Input Validation to stop the bad guys from running exploits. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

I selected B. Placing a WAF inline because a WAF is specifically designed to inspect HTTP/HTTPS requests, detect and block common web application attacks which includes directory traversal attempts as seen in this captured log. The WAF can analyze the URL structure, recognize the malicious patterns and prevent the request from reaching the web server.

The provided output indicates an attempt to access sensitive files on a web server, such as "/etc/password," which could be indicative of a directory traversal or path traversal attack. To best mitigate this type of attack, the most appropriate option is: B. Placing a WAF inline (Web Application Firewall) Explanation: Web Application Firewall (WAF): A WAF is designed to protect web applications from various attacks, including directory traversal. It can inspect and filter HTTP traffic between a web application and the Internet, blocking malicious requests that attempt to access unauthorized directories or files.

Traversal attack => WAF

Answer: B. This (../../) is known as a traversal sequences and is considered a web application attack.

I agree I believe the answer is a WAF

B is correct

The answer must be B. It's a directory traversal attack.

Attack is an XSS and the best solution is OWASP, best solution available is WAF

I vote B, not because it eliminates LDAP injection issue (WAF can't do that, just make it harder to exploit the vulnerability in the application), but because all other answers make zero sense in this scenario. :)

I agree

Acunetix Website: The only way to effectively defend against directory traversal attacks is to carefully write the code of the website or web application and use user input sanitization libraries. Note that web application firewalls (WAF) do not eliminate directory traversal issues, just make it harder for the attacker to exploit vulnerabilities.

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in the VPN2S firewall. Zyxel has released a patch addressing directory traversal and command injection vulnerabilities in the VPN2S firewall.

Need a WAF

Network Firewall does not make sense in this scenario. Best mitigation from those available is the WAF.

The answer is definitely B. you need a web application firewall to prevent this. And from the log, we know is targeting the application layer.