A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?
A) Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.
B) Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.
C) Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.
D) Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.
Correct Answer: