- Home
- Curam Software
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- CuramSoftware.CS0-003.v2024-06-14.q89
- Question 65
Valid CS0-003 Dumps shared by ExamDiscuss.com for Helping Passing CS0-003 Exam! ExamDiscuss.com now offer the newest CS0-003 exam dumps, the ExamDiscuss.com CS0-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CS0-003 dumps with Test Engine here:
Access CS0-003 Dumps Premium Version
(622 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 65/89
A security analyst is reviewing the findings of the latest vulnerability report for a company's web application.
The web application accepts files for a Bash script to be processed if the files match a given hash. The analyst is able to submit files to the system due to a hash collision. Which of the following should the analyst suggest to mitigate the vulnerability with the fewest changes to the current script and infrastructure?
The web application accepts files for a Bash script to be processed if the files match a given hash. The analyst is able to submit files to the system due to a hash collision. Which of the following should the analyst suggest to mitigate the vulnerability with the fewest changes to the current script and infrastructure?
Correct Answer: B
The correct answer is B. Replace the current MD5 with SHA-256.
The vulnerability that the security analyst is able to exploit is a hash collision, which is a situation where two different files produce the same hash value. Hash collisions can allow an attacker to bypass the integrity or authentication checks that rely on hash values, and submit malicious files to the system. The web application uses MD5, which is a hashing algorithm that is known to be vulnerable to hash collisions. Therefore, the analyst should suggest replacing the current MD5 with SHA-256, which is a more secure and collision-resistant hashing algorithm.
The other options are not the best suggestions to mitigate the vulnerability with the fewest changes to the current script and infrastructure. Deploying a WAF (web application firewall) to the front of the application (A) may help protect the web application from some common attacks, but it may not prevent hash collisions or detect malicious files. Deploying an antivirus application on the hosting system may help scan and remove malicious files from the system, but it may not prevent hash collisions or block malicious files from being submitted. Replacing the MD5 with digital signatures (D) may help verify the authenticity and integrity of the files, but it may require significant changes to the current script and infrastructure, as digital signatures involve public-key cryptography and certificate authorities.
The vulnerability that the security analyst is able to exploit is a hash collision, which is a situation where two different files produce the same hash value. Hash collisions can allow an attacker to bypass the integrity or authentication checks that rely on hash values, and submit malicious files to the system. The web application uses MD5, which is a hashing algorithm that is known to be vulnerable to hash collisions. Therefore, the analyst should suggest replacing the current MD5 with SHA-256, which is a more secure and collision-resistant hashing algorithm.
The other options are not the best suggestions to mitigate the vulnerability with the fewest changes to the current script and infrastructure. Deploying a WAF (web application firewall) to the front of the application (A) may help protect the web application from some common attacks, but it may not prevent hash collisions or detect malicious files. Deploying an antivirus application on the hosting system may help scan and remove malicious files from the system, but it may not prevent hash collisions or block malicious files from being submitted. Replacing the MD5 with digital signatures (D) may help verify the authenticity and integrity of the files, but it may require significant changes to the current script and infrastructure, as digital signatures involve public-key cryptography and certificate authorities.
- Question List (89q)
- Question 1: A systems administrator notices unfamiliar directory names o...
- Question 2: Which of the following is a nation-state actor least likely ...
- Question 3: A new cybersecurity analyst is tasked with creating an execu...
- Question 4: The Chief Executive Officer (CEO) has notified that a confid...
- Question 5: An organization has experienced a breach of customer transac...
- Question 6: Which of the following would help to minimize human engageme...
- Question 7: A vulnerability scan of a web server that is exposed to the ...
- Question 8: An analyst is evaluating a vulnerability management dashboar...
- Question 9: Given the following CVSS string- CVSS:3.0/AV:N/AC:L/PR:N/UI:...
- Question 10: Which of the following most accurately describes the Cyber K...
- Question 11: A security analyst detects an exploit attempt containing the...
- Question 12: A virtual web server in a server pool was infected with malw...
- Question 13: A company recently experienced a security incident. The secu...
- Question 14: A security analyst is performing an investigation involving ...
- Question 15: Which of the following best describes the goal of a tabletop...
- Question 16: A SOC manager is establishing a reporting process to manage ...
- Question 17: A managed security service provider is having difficulty ret...
- Question 18: A security analyst discovers an LFI vulnerability that can b...
- Question 19: A cybersecurity team lead is developing metrics to present i...
- Question 20: An attacker has just gained access to the syslog server on a...
- Question 21: Which of the following techniques can help a SOC team to red...
- Question 22: Which of the following best describes the threat concept in ...
- Question 23: A vulnerability analyst received a list of system vulnerabil...
- Question 24: Which of the following security operations tasks are ideal f...
- Question 25: Joe, a leading sales person at an organization, has announce...
- Question 26: A company's security team is updating a section of the repor...
- Question 27: Which of the following is the best metric for an organizatio...
- Question 28: A Chief Information Security Officer wants to map all the at...
- Question 29: During an incident, analysts need to rapidly investigate by ...
- Question 30: The Chief Information Security Officer is directing a new pr...
- Question 31: Which of following would best mitigate the effects of a new ...
- Question 32: While performing a dynamic analysis of a malicious file, a s...
- Question 33: A security analyst is writing a shell script to identify IP ...
- Question 34: A cloud team received an alert that unauthorized resources w...
- Question 35: A security analyst needs to mitigate a known, exploited vuln...
- Question 36: A cybersecurity analyst is reviewing SIEM logs and observes ...
- Question 37: Which of the following is the most important reason for an i...
- Question 38: Which of the following does "federation" most likely refer t...
- Question 39: Which of the following threat-modeling procedures is in the ...
- Question 40: During an incident involving phishing, a security analyst ne...
- Question 41: A vulnerability management team is unable to patch all vulne...
- Question 42: A security analyst is working on a server patch management p...
- Question 43: A security analyst is reviewing a packet capture in Wireshar...
- Question 44: An older CVE with a vulnerability score of 7.1 was elevated ...
- Question 45: Which of the following best describes the process of requiri...
- Question 46: During an incident, some loCs of possible ransomware contami...
- Question 47: There are several reports of sensitive information being dis...
- Question 48: A security analyst discovers an ongoing ransomware attack wh...
- Question 49: A security analyst is validating a particular finding that w...
- Question 50: An employee downloads a freeware program to change the deskt...
- Question 51: An employee accessed a website that caused a device to becom...
- Question 52: An analyst is examining events in multiple systems but is ha...
- Question 53: While reviewing web server logs, a security analyst discover...
- Question 54: Which of the following is the best action to take after the ...
- Question 55: A systems administrator is reviewing after-hours traffic flo...
- Question 56: When starting an investigation, which of the following must ...
- Question 57: Which of the following best describes the reporting metric t...
- Question 58: An analyst recommends that an EDR agent collect the source I...
- Question 59: The security team reviews a web server for XSS and runs the ...
- Question 60: A zero-day command injection vulnerability was published. A ...
- Question 61: Which of the following phases of the Cyber Kill Chain involv...
- Question 62: A security analyst performs various types of vulnerability s...
- Question 63: After identifying a threat, a company has decided to impleme...
- Question 64: After conducting a cybersecurity risk assessment for a new s...
- Question 65: A security analyst is reviewing the findings of the latest v...
- Question 66: A security analyst needs to provide evidence of regular vuln...
- Question 67: An analyst notices there is an internal device sending HTTPS...
- Question 68: A security analyst identified the following suspicious entry...
- Question 69: The Chief Executive Officer of an organization recently hear...
- Question 70: An organization conducted a web application vulnerability as...
- Question 71: A software developer has been deploying web applications wit...
- Question 72: Which of the following is a benefit of the Diamond Model of ...
- Question 73: A SOC analyst is analyzing traffic on a network and notices ...
- Question 74: An incident response team finished responding to a significa...
- Question 75: A security administrator has been notified by the IT operati...
- Question 76: A security analyst receives an alert for suspicious activity...
- Question 77: The developers recently deployed new code to three web serve...
- Question 78: During an internal code review, software called "ACE" was di...
- Question 79: A systems analyst is limiting user access to system configur...
- Question 80: The analyst reviews the following endpoint log entry: (Exhib...
- Question 81: Which of the following is the most important factor to ensur...
- Question 82: An analyst is remediating items associated with a recent inc...
- Question 83: A disgruntled open-source developer has decided to sabotage ...
- Question 84: While reviewing web server logs, an analyst notices several ...
- Question 85: A cybersecurity team has witnessed numerous vulnerability ev...
- Question 86: A technician identifies a vulnerability on a server and appl...
- Question 87: A security analyst has found the following suspicious DNS tr...
- Question 88: A company is implementing a vulnerability management program...
- Question 89: A recent zero-day vulnerability is being actively exploited,...
[×]
Download PDF File
Enter your email address to download CuramSoftware.CS0-003.v2024-06-14.q89.pdf