A security engineer is reviewing a record of events after a recent data breach incident that involved the following: ✑ A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets. ✑ A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account. ✑ The hacker took advantage of the account's excessive privileges to access a data store...

Questions › Category: CAS-004 › A security engineer is reviewing a record of events after a recent data breach incident that involved the following: ✑ A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets. ✑ A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account. ✑ The hacker took advantage of the account's excessive privileges to access a data store…

0 Vote Up Vote Down

Admin Staff asked 6 months ago

A security engineer is reviewing a record of events after a recent data breach incident that involved the following:
✑ A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets.
✑ A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account.
✑ The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

A. Dynamic analysis

B. Secure web gateway

C. Software composition analysis

D. User behavior analysis

E. Web application firewall






 

Suggested Answer: E

Community Answer: C



This question is in CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password