CompTIA CASP+ (CAS-004) — Question 122

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
✑ Protection from DoS attacks against its infrastructure and web applications is in place.
✑ Highly available and distributed DNS is implemented.
✑ Static content is cached in the CDN.
✑ A WAF is deployed inline and is in block mode.
✑ Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Answer options

• A. The public cloud provider is applying QoS to the inbound customer traffic.
• B. The API gateway endpoints are being directly targeted.
• C. The site is experiencing a brute-force credential attack.
• D. A DDoS attack is targeted at the CDN.

Correct answer: B

Explanation

The correct answer is B because if the API gateway endpoints are being targeted directly, it can cause performance issues on the payments page. The other options, while possible, are less likely given the existing protections in place, such as WAF and CDN caching, which would mitigate the impact of a DDoS or brute-force attack.