Exam CAS-004 topic 1 question 21 discussion

Why C is the Best Answer: ✔ MFA (Multi-Factor Authentication) Even if an attacker exploits the vulnerability, MFA adds an extra layer of protection. Prevents unauthorized users from easily accessing privileged accounts. ✔ Reviewing Application Logs Helps detect suspicious access attempts and understand how the vulnerability is being targeted. Logs provide early indicators of compromise (IoCs). ✔ Deploying a WAF (Web Application Firewall) WAFs can block exploit attempts targeting the vulnerable open-source library. They provide virtual patching by filtering malicious requests before the application is updated

This combination provides both proactive and reactive measures that can be implemented relatively quickly to mitigate the risk while a permanent fix is developed.

MFA to prevent stolen information from being used to logon. WAF to prevent the vulnerability from being used.

To reduce the risk to an acceptable level until the issue can be fixed, the BEST option is: C. Implement MFA, review the application logs, and deploy a WAF (Web Application Firewall).

It cannot be C as MFA will do nothing to protect you from the library vulnerability which allows unuathorized access. VPN will allow only authenticated / authorized users access to the system. I think D is the appropriate answer.

Seems like the textbook go to for controls to implement. MFA, review logs, and deploy a WAF. If you can't fix the problem technically or by patching, offering continuous monitoring is the answer (logs/Detections). Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

As we cannot fix the vulnerability in the code right away, we can have rules in the WAF to mitigate the risk. The correct answer is: Implement MFA, review the application logs, and deploy a WAF

c is the best

C. Implement MFA, review the application logs, and deploy a WAF. Implementing MFA can add an extra layer of security to protect against unauthorized access if the vulnerability is exploited. Reviewing the application logs can help identify if any attempts have been made to exploit the vulnerability, and deploying a WAF can help block any attempts to exploit the vulnerability. While the other options may provide some level of security, they may not directly address the vulnerability and may not reduce the risk to an acceptable level.

Here is my concern with D. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. If they can't fix the issue right away then why would they perform a full application review? Also, an official open source library where a vulnerability already exists? Going with MFA

tough one but i believe it is D. Why? the issue is confidentialty of information, i am thinking to prevent an attacker from performing a MITM attack a VPN would encrypt the traffic going across the internet. The vpn is the only thing that can guarantee confidentiality while data is in motion in this scenario

C should be the answer

C should be answer

Best answer

Specifying a repository serves no purpose. You already know the library has a vulnerability. You need something which mitigates the unauthorized access, which MFA does, and a properly configured WAF would also provide protection.