Exam CAS-004
Question 163

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

✑ Protection from DoS attacks against its infrastructure and web applications is in place.

✑ Highly available and distributed DNS is implemented.

✑ Static content is cached in the CDN.

✑ A WAF is deployed inline and is in block mode.

✑ Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Correct Answer: B

The most likely cause of the slowdown on the unauthenticated payments page is that the API gateway endpoints are being directly targeted. Since the page in question is unauthenticated, options involving credential-based attacks are unlikely. The inline Web Application Firewall (WAF) is set to block attacks and should handle attacks against the CDN, making those options less plausible. Targeting the API gateway directly could lead to increased load and performance issues, which aligns with the symptoms described.
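To make the reasoning behind answer B concrete, the following is an added example (not part of the original question or its answer key) of how a defender could confirm it from API gateway access logs: it counts requests to the payments route per peer and per time window, ignoring traffic that arrived through the WAF. The log layout, the `/api/payments` route, the WAF egress range and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the page): WAF egress range, route prefix, log layout.
WAF_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]  # placeholder range
PAYMENTS_PREFIX = "/api/payments"                        # hypothetical route


def build_sample_log():
    """Constructed gateway log: '<epoch> <peer_ip> <method> <path> <status> <ms>'."""
    lines = []
    for i in range(4):   # normal traffic that passed through the WAF
        lines.append(f"{1700000000 + 3 * i} 198.51.100.{10 + i} POST /api/payments/quote 200 120")
    for i in range(8):   # burst reaching the gateway directly, latency climbing
        lines.append(f"{1700000000 + i} 203.0.113.7 POST /api/payments/quote 200 {900 + 50 * i}")
    lines.append("1700000005 203.0.113.9 GET /api/payments/status 200 110")  # single direct hit
    lines.append("1700000006 203.0.113.7 GET /static/app.js 200 5")          # not a payments call
    lines.append("truncated entry")                                           # malformed, skipped
    return "\n".join(lines)


def came_through_waf(peer_ip):
    """True when the connecting peer is one of the WAF's egress addresses."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in WAF_EGRESS)


def direct_payment_bursts(log_text, window_s=10, threshold=5):
    """Map each non-WAF peer to its peak payments-API request count per window,
    keeping only peers whose peak reaches the threshold."""
    per_window = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        ts, peer, _method, path, _status, _ms = fields
        if not path.startswith(PAYMENTS_PREFIX) or came_through_waf(peer):
            continue
        per_window[(peer, int(ts) // window_s)] += 1
    peaks = {}
    for (peer, _bucket), count in per_window.items():
        peaks[peer] = max(peaks.get(peer, 0), count)
    return {peer: n for peer, n in peaks.items() if n >= threshold}


if __name__ == "__main__":
    print(direct_payment_bursts(build_sample_log()))
```

A peer outside the WAF range that dominates the payments route while static paths stay quiet matches the pattern answer B describes, and it never involves a credential.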

Discussion
biggytech (Option: B)

It's B, you can't brute force a page with no authentication lol. Key words: experiencing a slowdown on the unauthenticated payments page

BiteSize (Option: B)

Going with B. If the APIs are slowed, performance issues will follow. Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Mr_BuCk3th34D (Option: C)

Why not C? A brute-force attack is a type of attack that involves trying to guess a password or other type of authentication credential by trying a large number of possible combinations. If the unauthenticated payments page is experiencing a slowdown, it could be because the site is being targeted by a brute-force attack, in which an attacker is trying to guess the credentials for the page. It is not likely that the public cloud provider is applying QoS (Quality of Service) to the inbound customer traffic (option A), as QoS is typically used to prioritize traffic rather than causing a slowdown. It is also not likely that the API gateway endpoints are being directly targeted (option B), as this would typically result in errors rather than a slowdown. It is also not likely that a DDoS (Distributed Denial of Service) attack is targeted at the CDN (option D), as the WAF (Web Application Firewall) should be able to block such an attack.

dr_nick

This is on the unauthenticated page though, doesn't that mean there are no credentials to input?

nuel_12 (Option: B)

Brute-force is not possible where there is no authentication, so the only possible answer is B.

last_resort (Option: C)

Going with C....WAFs can protect the API gateway.

javier051977 (Option: B)

The MOST likely cause of the slowdown on the unauthenticated payments page is option B, the API gateway endpoints being directly targeted. This could cause increased traffic and load on the backend systems responsible for handling payment requests, resulting in a slowdown for users accessing the unauthenticated payments page.

hidady (Option: A)

A is correct

EAlonso (Option: C)

It is C. Even with the payment page being unauthenticated, it is receiving a brute-force attack, and the inline WAF in blocking mode caused DoS.

EAlonso

Sorry, by DoS I mean resource exhaustion.

Anarckii (Option: B)

The application programming interface (API) is experiencing issues as it is being directly targeted. I overlooked this at first and looking at the question and the answer: "the bank is experiencing a slowdown on the unauthenticated payments page" which is a directly specific interface. This means that the API itself is being targeted.

nmap_king_22 (Option: B)

Thinking B here.

32d799a (Option: B)

C. The site is experiencing a brute-force credential attack. Brute force attacks typically target login or authentication systems. While this type of attack can cause a slowdown, the slowdown would typically be observed on the login or authentication pages, not on the unauthenticated payments page. B. The API gateway endpoints are being directly targeted. This is a plausible cause. If the API gateway endpoints responsible for the unauthenticated payments page are being targeted, it could cause a slowdown on that specific page.

tefyayaydu

Credential attack, on a page that requires no credentials...