Exam CAS-004 topic 1 question 184 discussion

Actual exam question from CompTIA's CAS-004
Question #: 184
Topic #: 1

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.
Which of the following now describes the level of risk?

  • A. Inherent
  • B. Low
  • C. Mitigated
  • D. Residual
  • E. Transferred
Suggested Answer: D

Comments

[Removed]
Highly Voted 2 years, 6 months ago
Selected Answer: D
CAPTCHA does not completely mitigate the risk of Bots but rather reduces the risk and therefore Residual risk remains after the CAPTCHA implementation.
upvoted 11 times
...
BreakOff874
Highly Voted 2 years ago
Selected Answer: A
The CAPTCHA was suggested but it was never implemented. Inherent risk refers to the risk that exists before any controls or mitigations have been applied. In this case, since the CAPTCHA system has not been implemented yet, the risk associated with attackers employing automated systems to purchase the video cards is still at its inherent level.
upvoted 5 times
...
Bright07
Most Recent 4 months ago
Selected Answer: A
If the admin chooses D as the correct answer, and it is the most voted for, then this question has to be reframed to "The security engineer implemented a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems." And the level of risk now will be described as RESIDUAL risk. But with this question now, the security engineer just suggested implementing it, and it has not been implemented yet. So, the answer still remains INHERENT risk.
upvoted 1 times
...
IT_Master_Tech
7 months, 1 week ago
Residual risk... according to ChatGPT. Also, CAPTCHA doesn't eliminate risk 100%, so the remaining risk is residual.
upvoted 1 times
...
Bright07
8 months, 4 weeks ago
Please see question #188 and compare it with this question, you will understand the difference between when something is being suggested and when implemented.
upvoted 2 times
...
Bright07
8 months, 4 weeks ago
People have to pay attention to the questions very well. The question says "suggest" which means nothing has been implemented yet. The question is very tricky. So the answer is A.
upvoted 1 times
...
PluDou_111
9 months, 1 week ago
Selected Answer: A
Key word is "suggest". Nothing was implemented. So as it is "Now", there is an Inherent risk. Once it is implemented, we will look for residual.
upvoted 3 times
...
enduser9000
9 months, 3 weeks ago
Selected Answer: A
A, inherent is before, residual is the remaining level of risk. What is being described is the risk before anything is done
upvoted 2 times
...
ninjachuleta
11 months, 1 week ago
Selected Answer: A
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market..... The next two sentences should be ignored because they change nothing about the current risk.
upvoted 2 times
...
ddcnsd65
1 year ago
https://www.pwc.com/cyber/digital-trust
upvoted 1 times
...
ddcnsd65
1 year ago
D. Is residual risk a "level" of risk in cybersecurity? Yes, "residual" risk is a level of risk in cybersecurity that refers to the risk that remains after security measures have been implemented. It is the risk that an event will still occur despite the implementation of risk management controls or strategies. For example, if an organization implements an email security service to detect spam and phishing attacks, but continues to receive phishing emails, that's an example of "residual" risk.
upvoted 1 times
...
suprman4485
1 year, 2 months ago
It says "level", the only one listed that is a cybersecurity level and makes sense is Low.
upvoted 2 times
...
userguy890
1 year, 2 months ago
Selected Answer: A
The question never says they implemented CAPTCHA, only suggested. This is a trick question, so it's A. However, if the question is mistyped, then it may be D.
upvoted 2 times
...
ElDirec
1 year, 3 months ago
Selected Answer: A
Inherent Risk LOL Trick question: ChatGPT doesn't know how to solve trick questions. If you're broke, and I suggest, you get a job in cybersecurity. How are your finances now?
upvoted 3 times
...
talosDevbot
1 year, 3 months ago
Selected Answer: D
"Residual risk is the risk that remains after your organization has taken proper precautions and implemented appropriate controls" - Sybex CASP+ textbook
upvoted 1 times
...
hb0011
1 year, 3 months ago
I don't like this question because the leftover risk after the mitigating control is known as Residual risk... but residual risk is not a "level" of risk. A level would be low, medium, high, etc. It's a type of risk.
upvoted 2 times
...
The_Lucifer
1 year, 3 months ago
The question just says CAPTCHA was suggested, not implemented, then shouldn't it be A?
upvoted 2 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other