A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output: Time: 12/25 0300 From Zone: Untrust To Zone: DMZ Attacker: externalip.com Victim: 172.16.0.20 To Port: 80 Action: Alert Severity: Critical When examining the PCAP associated with the event, the security administrator finds the following information: <script> alert ("Click here for important information regarding your account! http://externalip.com/account.php ") ; </script> Which of the following actions should the security administrator take?
A) Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
B) Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events. Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
C) Implement a host-based firewall rule to block future events of this type from occurring.
D) Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.
Correct Answer:
Verified
Q870: Which of the following is an example
Q871: Which of the following provides PFS?
A) AES
B)
Q872: An organization's policy requires users to create
Q873: A systems administrator is increasing the security
Q874: A security administrator is implementing a secure
Q876: A technician is required to configure updates
Q877: Which of the following is a security
Q878: A company is experiencing an increasing number
Q879: A Chief Information Officer (CIO) is concerned
Q880: An organization wishes to allow its users
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents