Multiple Choice
A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?
A) Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.
B) Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.
C) Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.
D) Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.
Correct Answer: