Welcome to Pass4Success


CompTIA Exam CAS-004 Topic 1 Question 44 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 44
Topic #: 1
[All CAS-004 Questions]

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

Suggested Answer: A

Input validation is a technique that checks user input for errors, malicious data, or unexpected values before the application processes it. Input validation can prevent many common web application attacks, such as:

SQL injection, which exploits a vulnerability in the application's database queries to execute malicious SQL commands.

Cross-site scripting (XSS), which injects malicious JavaScript into the application's web page so that it executes in the user's browser.

Directory traversal, which accesses files or directories outside the intended scope by manipulating the file path.

In this case, the security engineer should recommend input validation as the best mitigation technique, because it would:

Prevent the exfiltration of the company report by validating the file parameter in the URL and ensuring that it matches a predefined list of allowed files or formats.

Enhance the security of the web application by filtering out malicious or invalid input from users or attackers.

Be more effective and efficient than other techniques, such as a firewall, a WAF (Web Application Firewall), or DLP (Data Loss Prevention), which may not detect or block all types of web application attacks.
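As an added example (not part of the question or the vendor's explanation), the snippet below shows how the file parameter of a URL like the one above can be validated against a predefined allowlist, with a path-containment check as a second layer. The allowlist contents, the base directory and the function names are assumptions made for the example.

```python
import re
from pathlib import Path
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Allowlist of report names the endpoint may serve and the directory it may
# read from. Both values are constructed for this example.
ALLOWED_FILES = {"report.pdf", "summary.pdf"}
BASE_DIR = Path("/srv/intranet/reports")

# Defence in depth: an allowlisted value must also look like a bare file name
# (no path separators, conservative characters, expected extension).
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(pdf|txt)")


def validate_file_param(value: str) -> Optional[Path]:
    """Return the resolved path to serve, or None if the value is rejected.

    Order of checks: exact allowlist match, conservative syntax, then a
    containment check on the resolved path so that a symlink or a name that
    slipped through the first two checks still cannot escape BASE_DIR.
    """
    if value not in ALLOWED_FILES:
        return None
    if not _SAFE_NAME.fullmatch(value):
        return None
    base = BASE_DIR.resolve()
    target = (base / value).resolve()  # follows symlinks, collapses ".."
    if base not in target.parents:
        return None
    return target


def check_request(url: str) -> str:
    """Classify a get-files.jsp request as 'serve:<path>' or 'reject:<reason>'.

    parse_qs percent-decodes the query string, so an encoded traversal
    sequence is compared against the allowlist in its decoded form.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("file", [])
    if len(values) != 1:  # missing or repeated parameter is ambiguous
        return "reject:file parameter must appear exactly once"
    target = validate_file_param(values[0])
    if target is None:
        return "reject:file is not on the allowlist"
    return f"serve:{target}"
```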


Contribute your Thoughts:

Ressie
11 months ago
I think DLP (Data Loss Prevention) could also be a good option to prevent such incidents.
upvoted 0 times
Kristine
11 months ago
WAF could definitely help, but input validation is more fundamental.
upvoted 0 times
Rossana
12 months ago
But wouldn't a Web Application Firewall (WAF) be more effective in this scenario?
upvoted 0 times
Ressie
1 year ago
I agree with Kristine, input validation would prevent unauthorized access.
upvoted 0 times
Kristine
1 year ago
I think the best mitigation technique would be input validation.
upvoted 0 times
Armando
1 year ago
For sure. But input validation is really the most comprehensive solution here. The other options like firewalls, WAFs, and DLP may help, but they're more reactive. Input validation addresses the root cause.
upvoted 0 times
Arlette
1 year ago
Haha, yeah. I bet the security engineer who found this was like, 'Seriously? This is too easy.' Though I'm sure the dev team is kicking themselves right now.
upvoted 0 times
Dottie
1 year ago
D) DLP
upvoted 0 times
Marge
1 year ago
Absolutely, a Web Application Firewall would help prevent such incidents.
upvoted 0 times
Billye
1 year ago
C) WAF
upvoted 0 times
Omer
1 year ago
They definitely need better security measures in place.
upvoted 0 times
Staci
1 year ago
B) Firewall
upvoted 0 times
Elenora
1 year ago
Yeah, that's a major oversight.
upvoted 0 times
Salena
1 year ago
A) Input validation
upvoted 0 times
Martina
1 year ago
Exactly. The best answer here has got to be A) Input validation. Properly sanitizing and validating all user inputs is crucial to prevent these kinds of unauthorized access issues.
upvoted 0 times
