
CAS-002 · Question #853

CAS-002 Question #853: Real Exam Question with Answer & Explanation

The correct answers are C (Resource exhaustion attack) and F (Implement an inline WAF and integrate into SIEM). The patterns indicate an automated, bot-driven resource exhaustion attack, and an inline WAF integrated with the SIEM is the most effective technical control to detect and block it.

Question

An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:

  • Pattern 1 - Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
  • Pattern 2 - For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.

Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).

Options

  • A. Apply a hidden field that triggers a SIEM alert
  • B. Cross-site scripting attack
  • C. Resource exhaustion attack
  • D. Input a blacklist of all known BOT malware IPs into the firewall
  • E. SQL injection
  • F. Implement an inline WAF and integrate into SIEM
  • G. Distributed denial of service
  • H. Implement firewall rules to block the attacking IP addresses

Explanation

Pattern 1 (forms submitted with only single fields changing between submissions) is the signature of scripted, automated requests rather than human customers, and Pattern 2 (a new customer number consumed for every completed quote, with the legacy pool running out) shows what is being exhausted: a finite resource, not bandwidth. Together they indicate an automated, bot-driven resource exhaustion attack. An inline WAF can identify and block the automated submissions at the application layer (rate limiting, bot detection, request-pattern rules), and integrating it with the SIEM correlates the blocked activity with the log patterns already observed, so it is the most effective technical control to both detect and stop the attack.

Common mistakes

  • A. A hidden field (honeypot field) that triggers a SIEM alert is a passive detection mechanism only; it does not prevent or mitigate the resource exhaustion, so the depletion of customer numbers continues.
  • B. Cross-site scripting involves injecting malicious client-side scripts into pages to target other users, which does not match the automated form-filling and customer number exhaustion patterns described.
  • D. Blacklisting known bot IPs is ineffective because distributed bots rotate across many IP addresses, making a static blacklist insufficient to prevent ongoing resource exhaustion.
  • E. SQL injection involves inserting malicious SQL syntax into input fields to manipulate the database directly, which is not indicated by the incremental form updates and customer number exhaustion patterns.
  • G. A DDoS attack aims to overwhelm network or application availability with traffic volume, which differs from the targeted resource exhaustion of a finite customer number pool described here.
  • H. Blocking individual attacker IPs is a reactive and incomplete measure since bot networks use many distributed source IPs, making per-IP firewall rules insufficient to stop the attack.

Concept tested. Resource exhaustion attack identification and WAF-based mitigation

Reference. https://owasp.org/www-community/attacks/Denial_of_Service
