ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 163 discussion

Actual exam question from CompTIA's CAS-004
Question #: 163
Topic #: 1
[All CAS-004 Questions]

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
✑ Protection from DoS attacks against its infrastructure and web applications is in place.
✑ Highly available and distributed DNS is implemented.
✑ Static content is cached in the CDN.
✑ A WAF is deployed inline and is in block mode.
✑ Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

  • A. The public cloud provider is applying QoS to the inbound customer traffic.
  • B. The API gateway endpoints are being directly targeted.
  • C. The site is experiencing a brute-force credential attack.
  • D. A DDoS attack is targeted at the CDN.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by hidady at Dec. 26, 2022, 11:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
biggytech
Highly Voted 1 year, 6 months ago
Selected Answer: B
Its B, you can't brute force a page with no authentication lol Key words: experiencing a slowdown on the unauthenticated payments page
upvoted 5 times
...
EAlonso
Most Recent 10 months, 3 weeks ago
Its is C. even having the payment page as unauthenticated is receiving brute force attack and the inline WAF in blocking mode caused DoS.
upvoted 1 times
EAlonso
10 months, 3 weeks ago
Sorry, by DoS I mean resource exhaustion.
upvoted 1 times
...
...
Anarckii
1 year, 5 months ago
The application programming interface (API) is experiencing issues as it is being directly targeted. I overlooked this at first and looking at the question and the answer: "the bank is experiencing a slowdown on the unauthenticated payments page" which is a directly specific interface. This mean that the API itself is being targeted
upvoted 1 times
...
nuel_12
1 year, 6 months ago
Selected Answer: B
brute-force is not possible where the is no-authentication, so the only possible answer is B
upvoted 2 times
...
nmap_king_22
1 year, 7 months ago
Selected Answer: B
thinking B here
upvoted 1 times
...
32d799a
1 year, 7 months ago
Selected Answer: B
C. The site is experiencing a brute-force credential attack. Brute force attacks typically target login or authentication systems. While this type of attack can cause a slowdown, the slowdown would typically be observed on the login or authentication pages, not on the unauthenticated payments page. B. The API gateway endpoints are being directly targeted. This is a plausible cause. If the API gateway endpoints responsible for the unauthenticated payments page are being targeted, it could cause a slowdown on that specific page.
upvoted 1 times
tefyayaydu
1 year, 6 months ago
Credential attack, on a page that requires no credentials...
upvoted 2 times
...
...
BiteSize
1 year, 10 months ago
Selected Answer: B
Going with B. If the API's are slowed, performance issues will follow. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
upvoted 4 times
...
last_resort
2 years, 1 month ago
Selected Answer: C
Going with C....WAFs can protect the API gateway.
upvoted 2 times
...
javier051977
2 years, 1 month ago
Selected Answer: B
the MOST likely cause of the slowdown on the unauthenticated payments page is option B, the API gateway endpoints being directly targeted. This could cause increased traffic and load on the backend systems responsible for handling payment requests, resulting in a slowdown for users accessing the unauthenticated payments page.
upvoted 2 times
...
Mr_BuCk3th34D
2 years, 5 months ago
Selected Answer: C
Why not C? A brute-force attack is a type of attack that involves trying to guess a password or other type of authentication credential by trying a large number of possible combinations. If the unauthenticated payments page is experiencing a slowdown, it could be because the site is being targeted by a brute-force attack, in which an attacker is trying to guess the credentials for the page. It is not likely that the public cloud provider is applying QoS (Quality of Service) to the inbound customer traffic (option A), as QoS is typically used to prioritize traffic rather than causing a slowdown. It is also not likely that the API gateway endpoints are being directly targeted (option B), as this would typically result in errors rather than a slowdown. It is also not likely that a DDoS (Distributed Denial of Service) attack is targeted at the CDN (option D), as the WAF (Web Application Firewall) should be able to block such an attack.
upvoted 4 times
dr_nick
2 years, 3 months ago
This is on the unauthenticated page though, doesn't that mean there are no credentials to input?
upvoted 3 times
...
...
hidady
2 years, 5 months ago
A is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel