nerdexam
ExamsCAS-003Questions#121
CompTIA

CAS-003 · Question #121

CAS-003 Question #121: Real Exam Question with Answer & Explanation

The correct answer is C: Resource exhaustion attack. A resource exhaustion attack involves tying up predetermined resources on a system, thereby making the resources unavailable to others. Implementing an inline WAF would allow for protection from attacks, as well as log and alert admins to what's going on. Integrating in into SIEM

Question

An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected: Pattern 1 - Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated. Pattern 2 - For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out. Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).

Options

  • AApply a hidden field that triggers a SIEM alert
  • BCross site scripting attack
  • CResource exhaustion attack
  • DInput a blacklist of all known BOT malware IPs into the firewall
  • ESQL injection
  • FImplement an inline WAF and integrate into SIEM
  • GDistributed denial of service
  • HImplement firewall rules to block the attacking IP addresses

Explanation

A resource exhaustion attack involves tying up predetermined resources on a system, thereby making the resources unavailable to others. Implementing an inline WAF would allow for protection from attacks, as well as log and alert admins to what's going on. Integrating in into SIEM allows for logs and other security- related documentation to be collected for analysis.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice