Exam CAS-004 topic 1 question 3 discussion

(C.) Conduct input sanitization. (A.) Deploy a WAF. Explanation: (C.) Conduct input sanitization - The only sure way to prevent SQL Injection attacks is input validation and parametrized queries including prepared statements. The application code should never use the input directly. The developer must sanitize all input, not only web form inputs such as login forms. Explanation: (A.) Deploy a WAF. - A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe.

Conduct input sanitization and Deploy a WAF

E, F ... E - because a reverse proxy also sanitises inputs. ... F - for the reasons mentioned already

Even though, I don't agree with E but this is the closet answer. If it mentions "Web application" E will be 100% correct. However, I think the keyword "external application" usually assume as web application.

The correct answers are A. Conduct input sanitization and E. Deploy a Web Application Firewall (WAF). Here's why: A. Conduct input sanitization: This is essential because LDAP injection vulnerabilities arise when user input is not properly sanitized. By cleaning and validating the inputs, you prevent malicious code from being injected into LDAP queries. E. Deploy a Web Application Firewall (WAF): A WAF can help detect and block injection attempts (including LDAP injections) by filtering out suspicious requests before they reach your application.

LDAP is not a web application. WAF is only for web applications. LDAP is related with AD logons.

Likely Choice. A. Conduct input sanitization. This directly alters user input if needed to ensure not injection occurs. E. Deploy a WAF (Web Application Firewall). A firewall that can filter and monitor traffic. B. Deploy a SIEM. It may help in detection but would not address the issue. C. Use containers. Don't know how this would help. D. Patch the OS. You can host a web server application but patching the underlying OS most likely would not address the issue. F. Deploy a reverse proxy. If all the servers are using the same application and hosting the same website, it would not matter since they all would be susceptible to the same injection. G. Deploy an IDS. May help in detection but does not address the issue.

A. Conduct input sanitization. E. Deploy a WAF. LDAP (Lightweight Directory Access Protocol) injection is a type of attack in which an attacker manipulates LDAP statements using input fields in an application. This can lead to security vulnerabilities, like bypassing authentication or revealing sensitive data. Conducting input sanitization (A) is one of the most effective measures against LDAP injection. This involves cleaning up user input to remove or encode characters that have special meaning in LDAP queries. Deploying a Web Application Firewall (WAF) (E) can also be effective in preventing LDAP injection attacks. A WAF can be configured to detect and block suspicious requests that look like LDAP injection. While using containers (C) could help with some aspects of application security, it does not directly address LDAP injection issues. Patching the OS (D) is always a good practice, but it does not necessarily protect against LDAP injection. Deploying a SIEM (B), IDS (G), or reverse proxy (F) might help detect or potentially mitigate some kinds of attacks, but they don't provide specific protections against LDAP injection.

A. Conduct input sanitization. E. Deploy a WAF. LDAP (Lightweight Directory Access Protocol) injection is a type of attack in which an attacker manipulates LDAP statements using input fields in an application. This can lead to security vulnerabilities, like bypassing authentication or revealing sensitive data. Conducting input sanitization (A) is one of the most effective measures against LDAP injection. This involves cleaning up user input to remove or encode characters that have special meaning in LDAP queries. Deploying a Web Application Firewall (WAF) (E) can also be effective in preventing LDAP injection attacks. A WAF can be configured to detect and block suspicious requests that look like LDAP injection. While using containers (C) could help with some aspects of application security, it does not directly address LDAP injection issues. Patching the OS (D) is always a good practice, but it does not necessarily protect against LDAP injection. Deploying a SIEM (B), IDS (G), or reverse proxy (F) might help detect or potentially mitigate some kinds of attacks, but they don't provide specific protections against LDAP injection.

Conduct input sanitization: This is a primary defense against injection attacks. By ensuring that all user inputs are properly sanitized and validated, you can prevent malicious inputs from being processed by the LDAP queries. Deploy a WAF (Web Application Firewall): A WAF can help to detect and block malicious requests, including those attempting to exploit LDAP injection vulnerabilities. It acts as an additional layer of defense to filter out harmful inputs before they reach the application.

To address the LDAP injection vulnerability in the external application, the following actions would be BEST: A. Conduct input sanitization: Input sanitization involves validating and cleaning user inputs to prevent malicious inputs that could exploit vulnerabilities. Implementing input sanitization can help mitigate the risk of LDAP injection by ensuring that user inputs are properly validated and sanitized before being used in LDAP queries. E. Deploy a WAF (Web Application Firewall): A Web Application Firewall can help protect against various web application attacks, including LDAP injection. It can analyze HTTP traffic between the application and users, detecting and blocking malicious inputs that could exploit vulnerabilities. WAFs can provide an additional layer of defense by filtering and blocking potentially harmful requests.

BD is the correct answers (SIEM and OS patch)

The two actions that would best resolve the LDAP injection vulnerability in the external application are: A. Conduct input sanitization. E. Deploy a WAF (Web Application Firewall). A. Conducting input sanitization involves validating and filtering user inputs to ensure they do not contain malicious code or characters that could exploit vulnerabilities. By properly sanitizing the input, the application can prevent the LDAP injection attack and protect against other types of injection attacks as well. E. Deploying a WAF adds an additional layer of security to the application. A WAF can inspect incoming traffic, identify and block malicious requests, including those attempting LDAP injection. It can provide rule-based protection against known attack patterns and help mitigate emerging threats.

A. Conduct input sanitization, and E. Deploy a WAF are the best actions to resolve the LDAP injection vulnerability issue. Input sanitization helps to prevent malicious data from being input and processed in the application, while a WAF (Web Application Firewall) can monitor and block malicious traffic, including LDAP injection attacks. Therefore, both options together provide an additional layer of protection to mitigate the LDAP injection vulnerability.

The two actions that would BEST resolve the issue are: A. Conduct input sanitization. E. Deploy a WAF. Explanation: A. Conduct input sanitization: Input sanitization is a method of validating and cleansing user input to prevent attacks such as SQL injection or LDAP injection. Input sanitization can be implemented at the application level to prevent the injection of malicious code into the application. In this scenario, conducting input sanitization could help mitigate the LDAP injection vulnerability. E. Deploy a WAF: A web application firewall (WAF) is a security control that monitors and filters incoming and outgoing web traffic to detect and block attacks such as SQL injection and LDAP injection. Deploying a WAF can help protect the application from known and unknown attacks by filtering the traffic based on predefined security policies.

Should be AE

BD hopefully I am right