CompTIA CASP+ (CAS-004) — Question 490
A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found. Which of the following describes what happened and how to fix it?
Answer options
- A. A downgrade attack occurred. Any use of old, outdated software should be disallowed.
- B. The attacker obtained the systems' private keys. New key pairs must be generated.
- C. Malware is present on the client machine. A full OS needs to be reinstalled.
- D. The user fell for a phishing attack. The end user must attend security training.
Correct answer: B
Explanation
The only technical finding from the investigation is server-side: the web server was running an outdated OpenSSL build, and no other accounts show suspicious log-ins. An unpatched OpenSSL can let a remote attacker read the server process's memory (the Heartbleed bug, CVE-2014-0160, is the best-known instance), which exposes the TLS private key along with in-flight session data such as cookies and credentials. With that material the attacker can impersonate the server or replay the user's session and log in after hours without the user doing anything, which matches the end user's statement. Patching OpenSSL alone does not fix this: a key that may already have been read out of memory stays compromised, so the server's key pairs must be regenerated, new certificates issued and the old ones revoked, and active sessions and the affected user's credentials reset. Option A is wrong because a downgrade attack forces a weaker protocol version or cipher suite rather than leaking a key, and "disallow all old software" is a policy statement, not a remediation for a compromised key. Option C is wrong because nothing in the investigation points at the client machine. Option D is wrong because the user did not hand over credentials to anyone; the weakness was on the server.
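The remediation in the correct answer, carried out with the OpenSSL command line, as an added example that is not part of the original exam item. It simulates the compromised key pair with a throwaway self-signed certificate (a constructed stand-in for the server's real key), generates a replacement key and CSR, and checks that the new key is unrelated to the old one and that the old certificate no longer matches it, which is the proof you want before swapping the key into the server. The hostname, file names and working directory are assumptions; the CA submission and revocation steps are outside what a script can do locally.

```shell
#!/bin/sh
# Added example, not from the original page. Rotate a web server's TLS key pair
# after a suspected private-key compromise. Assumed names: www.example.test,
# old.key/old.crt (the compromised pair), new.key/new.csr (the replacement).
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Constructed stand-in for the key pair that lived on the vulnerable server.
make_old_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$WORKDIR/old.key" -out "$WORKDIR/old.crt" >/dev/null 2>&1
}

# Fresh private key plus a CSR to send to the CA for a new certificate.
# Only do this AFTER OpenSSL is patched, or the new key leaks the same way.
make_new_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORKDIR/new.key" 2>/dev/null
    openssl req -new -key "$WORKDIR/new.key" -subj "/CN=www.example.test" \
        -out "$WORKDIR/new.csr" 2>/dev/null
}

# SHA-256 fingerprint of the public key derived from a PEM private key.
key_fingerprint() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus)
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ "$cert_mod" = "$key_mod" ]
}

# Full rotation: record the OpenSSL build in use, create the replacement
# key, and verify it is independent of the compromised one.
rotate_keys() {
    echo "OpenSSL in use: $(openssl version)"
    make_old_keypair
    make_new_keypair
    old_fp=$(key_fingerprint "$WORKDIR/old.key")
    new_fp=$(key_fingerprint "$WORKDIR/new.key")
    [ "$old_fp" != "$new_fp" ] || return 1
    cert_matches_key "$WORKDIR/old.crt" "$WORKDIR/old.key" || return 1
    ! cert_matches_key "$WORKDIR/old.crt" "$WORKDIR/new.key" || return 1
    echo "rotated: old=$old_fp new=$new_fp"
    echo "next: submit $WORKDIR/new.csr to the CA, revoke old.crt, reload the server"
}

rotate_keys
```

The fingerprint comparison is what you would publish to clients or pin in monitoring after the change; the modulus check is the quick way to prove an installed certificate and key actually belong together, and here it doubles as proof that the old certificate must be revoked rather than reused.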