CompTIA Exam CS0-002 Topic 4 Question 78 Discussion

Actual exam question for CompTIA's CS0-002 exam

Question #: 78
Topic #: 4

A security analyst is investigating a data leak on a corporate website. The attacker was able to dump data by sending a crafted HTTP request with the following payload:

Which of the following systems would most likely have logs with details regarding the threat actor's requests?

ACloud WAF

BInternal proxy

CTAXII server

DHardware security module
B) Internal proxy is not correct. An internal proxy is a server that acts as an intermediary between internal clients and external servers. An internal proxy can provide various functions, such as caching, filtering, authentication, or encryption.An internal proxy can also generate logs with details regarding the client's requests, such as the source IP address, the destination URL, the protocol used, and the response received2. However, an internal proxy would not have logs with details regarding the threat actor's requests, as they are directed to the web application, not to the internal proxy.
C) TAXII server is not correct. TAXII stands for Trusted Automated eXchange of Intelligence Information, and it is a standard that defines how to exchange cyber threat intelligence (CTI) between different systems or organizations. TAXII uses a client-server model, where a TAXII client can request or send CTI to a TAXII server using predefined services and messages.A TAXII server can store and provide CTI in a structured and standardized format3. However, a TAXII server would not have logs with details regarding the threat actor's requests, as they are not related to CTI exchange.
D) Hardware security module is not correct. A hardware security module (HSM) is a physical device that provides secure storage and processing of cryptographic keys and operations. An HSM can protect sensitive data and transactions, such as encryption, decryption, signing, or verification, from unauthorized access or tampering. However, an HSM would not have logs with details regarding the threat actor's requests, as they are not related to cryptographic operations.
1:What Is a Cloud-Based Web Application Firewall (WAF)?2:What Is a Proxy Server?3:What Is TAXII?: [What Is a Hardware Security Module (HSM)?]

Show Suggested Answer

Suggested Answer: B

PII stands for personally identifiable information, and it is any data that can be used to identify, contact, or locate a specific individual, such as name, address, phone number, email, social security number, or biometric data. PII data is considered critical because it can be used by attackers to commit identity theft, fraud, or other crimes.PII data is also subject to various laws and regulations that require organizations to protect it from unauthorized access, use, or disclosure1.

by Ezekiel at Apr 20, 2024, 07:34 AM

Limited Time Offer

25%