Question

The results of an external penetration test for a software development company show that a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created.


Application name   Externally accessible   PHI   PII   Medium findings   High findings   Critical findings
Application 1      No                      No    Yes   135               175             226
Application 2      Yes                     Yes   No    38                20              11
Application 3      No                      No    No    175               108             82
Application 4      Yes                     No    No    250               35              22
Application 5      No                      Yes   Yes   200               75              62



Application name   Missing OS patches   Coding errors   Credential non-compliance   Missing software patches
Application 1      175                  0               21                          329
Application 2      2                    55              0                           12
Application 3      37                   227             5                           96
Application 4      110                  5               0                           192
Application 5      24                   196             0                           144



Which of the following would BEST reduce the amount of immediate risk to the organization from a compliance and legal standpoint? (Select TWO)

A. Place a WAF in line with Application 2
B. Move Application 3 to a secure VLAN and require employees to use a jump server for access
C. Apply the missing OS and software patches to the server hosting Application 4
D. Use network segmentation and ACLs to control access to Application 5
E. Implement an IDS/IPS on the same network segment as Application 3
F. Install a FIM on the server hosting Application 4
G. Enforce group policy password complexity rules on the server hosting Application 1
