CAS-005 無料問題集「CompTIA SecurityX Certification」
A malicious actor exploited firmware vulnerabilities and used rootkits in an attack on an organization. After the organization recovered from the incident, an engineer needs to recommend a solution that reduces the likelihood of the same type of attack in the future. Which of the following is the most relevant solution?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
An analyst must remediate vulnerabilities in IoT devices within 24 hours. These vulnerabilities:
* Have CVSS scores of less than 7.0
* Have updates available
* Will not significantly impact production systems if remediation is unsuccessful Which of the following practices is best for the analyst to use to resolve the issue?
* Have CVSS scores of less than 7.0
* Have updates available
* Will not significantly impact production systems if remediation is unsuccessful Which of the following practices is best for the analyst to use to resolve the issue?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
During a security assessment using an EDR solution, a security engineer generates the following report about the assets in the system:
Initial report:
Device | Type | EDR status | Infection Status
LN002 | Linux SE | Enabled (unmanaged) | Unknown
OWIN23 | Windows 7 | Enabled | Clean
OWIN29 | Windows 10 | Enabled (bypass) | Clean
MAC005 | Mac OS | Enabled | Clean
After five days:
Device | Type | EDR status | Infection Status
LN002 | Linux SE | Enabled (unmanaged) | Unknown
OWIN23 | Windows 7 | Enabled | Clean
OWIN29 | Windows 10 | Enabled (bypass) | Infected
MAC005 | Mac OS | Disabled | Clean
Which of the following most likely enabled the infection?
Initial report:
Device | Type | EDR status | Infection Status
LN002 | Linux SE | Enabled (unmanaged) | Unknown
OWIN23 | Windows 7 | Enabled | Clean
OWIN29 | Windows 10 | Enabled (bypass) | Clean
MAC005 | Mac OS | Enabled | Clean
After five days:
Device | Type | EDR status | Infection Status
LN002 | Linux SE | Enabled (unmanaged) | Unknown
OWIN23 | Windows 7 | Enabled | Clean
OWIN29 | Windows 10 | Enabled (bypass) | Infected
MAC005 | Mac OS | Disabled | Clean
Which of the following most likely enabled the infection?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A company has the following requirements for a cloud-based web application:
* Must authenticate customers
* Must prevent data exposure
* Must allow customer access to data throughout the cloud environment
* Must restrict access by specific regions
Which of the following solutions best addresses these security requirements?
* Must authenticate customers
* Must prevent data exposure
* Must allow customer access to data throughout the cloud environment
* Must restrict access by specific regions
Which of the following solutions best addresses these security requirements?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
A product development team has submitted code snippets for review prior to release.
INSTRUCTIONS
Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.
Code Snippet 1

Code Snippet 2

Vulnerability 1:
SQL injection
Cross-site request forgery
Server-side request forgery
Indirect object reference
Cross-site scripting
Fix 1:
Perform input sanitization of the userid field.
Perform output encoding of queryResponse,
Ensure usex:ia belongs to logged-in user.
Inspect URLS and disallow arbitrary requests.
Implementanti-forgery tokens.
Vulnerability 2
1) Denial of service
2) Command injection
3) SQL injection
4) Authorization bypass
5) Credentials passed via GET
Fix 2
A) Implement prepared statements and bind
variables.
B) Remove the serve_forever instruction.
C) Prevent the " authenticated " value from being overridden by a GET parameter.
D) HTTP POST should be used for sensitive parameters.
E) Perform input sanitization of the userid field.
INSTRUCTIONS
Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.
Code Snippet 1

Code Snippet 2

Vulnerability 1:
SQL injection
Cross-site request forgery
Server-side request forgery
Indirect object reference
Cross-site scripting
Fix 1:
Perform input sanitization of the userid field.
Perform output encoding of queryResponse,
Ensure usex:ia belongs to logged-in user.
Inspect URLS and disallow arbitrary requests.
Implementanti-forgery tokens.
Vulnerability 2
1) Denial of service
2) Command injection
3) SQL injection
4) Authorization bypass
5) Credentials passed via GET
Fix 2
A) Implement prepared statements and bind
variables.
B) Remove the serve_forever instruction.
C) Prevent the " authenticated " value from being overridden by a GET parameter.
D) HTTP POST should be used for sensitive parameters.
E) Perform input sanitization of the userid field.
正解:
See the solution below in explanation.
Explanation:
Code Snippet 1
Vulnerability 1: SQL injection
SQL injection is a type of attack that exploits a vulnerability in the code that interacts with a database. An attacker can inject malicious SQL commands into the input fields, such as username or password, and execute them on the database server. This can result in data theft, data corruption, or unauthorized access.
Fix 1: Perform input sanitization of the userid field.
Input sanitization is a technique that prevents SQL injection byvalidating and filtering the user input values before passing them to the database. The input sanitization should remove any special characters, such as quotes, semicolons, or dashes, that can alter the intended SQL query. Alternatively, the input sanitization can use a whitelist of allowed values and reject any other values.
Code Snippet 2
Vulnerability 2: Cross-site request forgery
Cross-site request forgery (CSRF) is a type of attack that exploits a vulnerability in the code that handles web requests. An attacker can trick a user into sending a malicious web request to a server that performs an action on behalf of the user, such as changing their password, transferring funds, or deleting data. This can result in unauthorized actions, data loss, or account compromise.
Fix 2: Implement anti-forgery tokens.
Anti-forgery tokens are techniques that prevent CSRF by adding a unique and secret value to each web request that is generated by the server and verified by the server before performing the action. The anti- forgery token should be different for each user and each session, and should not be predictable or reusable by an attacker. This way, only legitimate web requests from the user's browser can be accepted by the server.
Explanation:
Code Snippet 1
Vulnerability 1: SQL injection
SQL injection is a type of attack that exploits a vulnerability in the code that interacts with a database. An attacker can inject malicious SQL commands into the input fields, such as username or password, and execute them on the database server. This can result in data theft, data corruption, or unauthorized access.
Fix 1: Perform input sanitization of the userid field.
Input sanitization is a technique that prevents SQL injection byvalidating and filtering the user input values before passing them to the database. The input sanitization should remove any special characters, such as quotes, semicolons, or dashes, that can alter the intended SQL query. Alternatively, the input sanitization can use a whitelist of allowed values and reject any other values.
Code Snippet 2
Vulnerability 2: Cross-site request forgery
Cross-site request forgery (CSRF) is a type of attack that exploits a vulnerability in the code that handles web requests. An attacker can trick a user into sending a malicious web request to a server that performs an action on behalf of the user, such as changing their password, transferring funds, or deleting data. This can result in unauthorized actions, data loss, or account compromise.
Fix 2: Implement anti-forgery tokens.
Anti-forgery tokens are techniques that prevent CSRF by adding a unique and secret value to each web request that is generated by the server and verified by the server before performing the action. The anti- forgery token should be different for each user and each session, and should not be predictable or reusable by an attacker. This way, only legitimate web requests from the user's browser can be accepted by the server.
A company updates itscloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved lo the repository The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).
正解:B、F
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)