ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 214 discussion

Actual exam question from CompTIA's CAS-004
Question #: 214
Topic #: 1
[All CAS-004 Questions]

A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:



Which of the following BEST describes the analyst's findings and a potential mitigation technique?

  • A. The findings indicate unsecure references. All potential user input needs to be properly sanitized.
  • B. The findings indicate unsecure protocols All cookies should be marked as HttpOnly.
  • C. The findings indicate information disclosure. The displayed error message should be modified.
  • D. The findings indicate a SQL injection. The database needs to be upgraded.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by OneSaint at Feb. 17, 2023, 2:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
javier051977
10 months ago
Selected Answer: C
The error message provides potentially sensitive information about the database server and table that the web application is using. An attacker could use this information to launch targeted attacks against the web application or the database server. To mitigate this issue, the error message should be modified to provide a more generic message that does not disclose any specific information about the application's database or infrastructure. Additionally, any error logs generated by the web application should be reviewed regularly to identify potential security issues and address them promptly.
upvoted 4 times
...
last_resort
10 months, 1 week ago
C...error messages should not give out specific information
upvoted 2 times
...
smqzbq
11 months ago
Selected Answer: C
Nothing indicates sql injection and the log message disclouses internal details of a system to a "standard" user. This is also in current OWASP TOP 10.
upvoted 2 times
...
Serliop378
11 months ago
Selected Answer: C
It gives away the table name and database !!
upvoted 2 times
...
Broesweelies
11 months, 1 week ago
Selected Answer: C
Looks like C to me.
upvoted 3 times
...
OneSaint
11 months, 4 weeks ago
Any word on this?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel