
The Results of an External Penetration Test for a Software

Question 389

Multiple Choice

The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created:

The findings are then categorized according to the following chart:

Which of the following would BEST reduce the amount of immediate risk incurred by the organization from a compliance and legal standpoint? (Choose two.)


A) Place a WAF in line with Application 2
B) Move Application 3 to a secure VLAN and require employees to use a jump server for access
C) Apply the missing OS and software patches to the server hosting Application 4
D) Use network segmentation and ACLs to control access to Application 5
E) Implement an IDS/IPS on the same network segment as Application 3
F) Install a FIM on the server hosting Application 4
G) Enforce Group Policy password complexity rules on the server hosting Application 1
