Comptia exactexam cas-004 Questions Bank by Kaleb q149 vce pdf

Page: 24 / 32

Exam Name:	CompTIA Advanced Security Practitioner (CASP+) Exam
Exam Code:	CAS-004 Dumps
Vendor:	CompTIA	Certification:	CompTIA CASP
Questions:	439 Q&A's	Shared By:	kaleb

Question 96

A threat analyst notices the following URL while going through the HTTP logs.

Questions 96

Which of the following attack types is the threat analyst seeing?

Options:

SQL injection

CSRF

Session hijacking

XSS

Discussion

Question 97

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Questions 97

Code Snippet 2

Questions 97

Vulnerability 1:

SQL injection
Cross-site request forgery
Server-side request forgery
Indirect object reference
Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.
Perform output encoding of queryResponse,
Ensure usex:ia belongs to logged-in user.
Inspect URLS and disallow arbitrary requests.
Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind

variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Options:

Discussion

Question 98

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Options:

The public cloud provider is applying QoS to the inbound customer traffic.

The API gateway endpoints are being directly targeted.

The site is experiencing a brute-force credential attack.

A DDoS attack is targeted at the CDN.

Discussion

Mariam

Do anyone think Cramkey questions can help improve exam scores?

Katie (not set)

Absolutely! Many people have reported improved scores after using Cramkey Dumps, and there are also success stories of people passing exams on the first try. I already passed this exam. I confirmed above questions were in exam.

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha (not set)

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Wyatt

Passed my exam… Thank you so much for your excellent Exam Dumps.

Arjun (not set)

That sounds really useful. I'll definitely check it out.

Ivan

I tried these dumps for my recent certification exam and I found it pretty helpful.

Elis (not set)

Agree!!! The questions in the dumps were quite similar to what came up in the actual exam. It gave me a good idea of the types of questions to expect and helped me revise efficiently.

Question 99

The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Options:

Black-box testing

Gray-box testing

Red-team hunting

White-box testing

Blue-learn exercises

Discussion

Page: 24 / 32

Title

Questions

Posted

comptia.nwexams.ace your cas-004 comptia casp exam.by carys.q174.vce.pdf