CompTIA CASP+ (CAS-004) — Question 370

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or
• Five numerical digits

When one of these IOCs is identified. the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

Answer options

• A. ^\d{4}(-\d{5})?$
• B. ^\d{5}(-\d{4})?$
• C. ^\d{5-4}$
• D. ^\d{9}$

Correct answer: B

Explanation

The correct answer is B because it accurately represents the two formats specified in the IOC: five numerical digits followed optionally by a dash and four numerical digits. Option A is incorrect as it has the digit counts reversed. Option C is invalid as it uses the incorrect syntax for ranges, and option D does not match the required formats at all.