Multiple Choice
The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created: The findings are then categorized according to the following chart:
Which of the following would BEST reduce the amount of immediate risk incurred by the organization from a compliance and legal standpoint? (Choose two.)
A) Place a WAF in line with Application 2
B) Move Application 3 to a secure VLAN and require employees to use a jump server for access
C) Apply the missing OS and software patches to the server hosting Application 4
D) Use network segmentation and ACLs to control access to Application 5
E) Implement an IDS/IPS on the same network segment as Application 3
F) Install a FIM on the server hosting Application 4
G) Enforce Group Policy password complexity rules on the server hosting Application 1
Correct Answer:

Verified