Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A security engineer is reviewing Apache web server logs and has identified the following pattern...

CompTIA CAS-004 Full Course Access
CompTIA CAS-004 View All Questions

A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:

GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK

The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP address. Which of the following can be determined regarding the vulnerability and response?

A.

A cross-site scripting attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to REST API.

B.

A cross-site request forgery attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to HTTP POST commands.

C.

A directory traversal attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to the filesystem.

D.

A brute-force authentication attempt was successful, and the system should implement salting as part of the password hashing algorithm.

CAS-004 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now CAS-004 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
A technology company developed an in-house chat application that is used only by developers.
A help desk technician is troubleshooting an issue with an employee's laptop that will not...
Previous