Exam CAS-004
Question 21

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

    Correct Answer: C

    To reduce the risk to an acceptable level until the issue can be fixed, the recommended approach is to implement multifactor authentication (MFA), review the application logs, and deploy a Web Application Firewall (WAF). Implementing MFA adds an extra security layer by requiring multiple forms of verification before granting access, which helps prevent unauthorized access. Reviewing application logs assists in monitoring and identifying any attempts to exploit the vulnerability. Deploying a WAF helps block potential exploitation attempts of the vulnerability by filtering and monitoring HTTP requests to and from the web application. These measures collectively address both proactive and reactive security needs without requiring immediate changes to the underlying application code.
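As an added example (not part of the exam answer key or of any discussion post), the Python script below sketches two of the compensating controls the explanation names: a WAF-style virtual patch that denies outside access to the vulnerable route until the library is fixed, and a review pass over application access logs that flags clients who reached that route. The route `/api/internal/users`, the internal network `10.0.0.0/8`, and the log lines are all constructed placeholders; the page does not name the library, the endpoint, or any real addresses.

```python
import posixpath
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import unquote, urlsplit

# Placeholder (not from the page): the route the vulnerable open-source library exposes.
VULNERABLE_PATH = "/api/internal/users"
# Placeholder (constructed): networks that legitimately need the route while the fix is pending.
ALLOWED_NETWORKS = [ip_network("10.0.0.0/8")]

# Combined-log style line: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample access log; none of these lines come from the page.
SAMPLE_LOG = [
    '10.0.5.7 - admin [12/Mar/2024:10:01:02 +0000] "GET /api/internal/users/42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:02:11 +0000] "GET /api/internal/users?id=1 HTTP/1.1" 200 4096',
    '203.0.113.9 - - [12/Mar/2024:10:02:12 +0000] "GET /api/internal/%75sers HTTP/1.1" 200 4096',
    '198.51.100.4 - - [12/Mar/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.4 - - [12/Mar/2024:10:03:05 +0000] "GET /api/public/../internal/users HTTP/1.1" 403 0',
]


def normalized_path(target):
    """Percent-decode and normalise the request path so encoded or
    dot-segment spellings of the vulnerable route still match the rule."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath(path) if path else "/"


def is_vulnerable_route(target):
    """True when the request targets the vulnerable route or anything beneath it."""
    path = normalized_path(target)
    return path == VULNERABLE_PATH or path.startswith(VULNERABLE_PATH + "/")


def is_allowed_ip(client_ip):
    """True when the client address falls inside an allowed internal network."""
    try:
        ip = ip_address(client_ip)
    except ValueError:  # malformed or missing client address in the log
        return False
    return any(ip in net for net in ALLOWED_NETWORKS)


def waf_decision(client_ip, target):
    """Virtual patch: the vulnerable route is reachable only from ALLOWED_NETWORKS
    until the library is fixed. Returns 'allow' or 'block'."""
    if not is_vulnerable_route(target):
        return "allow"
    return "allow" if is_allowed_ip(client_ip) else "block"


def triage_log(lines):
    """Log review: per-client count of requests to the vulnerable route,
    and how many of those got a 2xx response (i.e. likely returned data)."""
    hits, succeeded = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_vulnerable_route(m["target"]):
            continue
        hits[m["ip"]] += 1
        if m["status"].startswith("2"):
            succeeded[m["ip"]] += 1
    return hits, succeeded


def suspicious_clients(lines):
    """Clients outside the allowed networks that received a successful response
    from the vulnerable route: the ones an incident reviewer should look at first."""
    _, succeeded = triage_log(lines)
    return sorted(ip for ip, n in succeeded.items() if n and not is_allowed_ip(ip))


if __name__ == "__main__":
    hits, succeeded = triage_log(SAMPLE_LOG)
    for ip in hits:
        print(f"{ip}: {hits[ip]} request(s) to the route, {succeeded[ip]} succeeded, "
              f"WAF rule now says {waf_decision(ip, VULNERABLE_PATH)}")
    print("investigate:", suspicious_clients(SAMPLE_LOG))
```

The path normalisation matters for both controls: a rule that matched the literal string `/api/internal/users` would miss the percent-encoded and `..`-containing spellings in the sample log, so the same `normalized_path` helper feeds the WAF decision and the log review. The log pass is deliberately retrospective: it tells you whether the route was reached before the virtual patch went in, which is the question the risk owner will ask.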

Discussion
Meraz (Option: C)

C should be the answer.

dgfhyjfghfgfkfhd (Option: C)

Specifying a repository serves no purpose. You already know the library has a vulnerability. You need something which mitigates the unauthorized access, which MFA does, and a properly configured WAF would also provide protection.

BiteSize (Option: C)

Seems like the textbook go-to for controls to implement: MFA, review logs, and deploy a WAF. If you can't fix the problem technically or by patching, offering continuous monitoring is the answer (logs/detections). Source: verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

DJK667 (Option: C)

C is the best.

margomi86 (Option: C)

C. Implement MFA, review the application logs, and deploy a WAF. Implementing MFA can add an extra layer of security to protect against unauthorized access if the vulnerability is exploited. Reviewing the application logs can help identify if any attempts have been made to exploit the vulnerability, and deploying a WAF can help block any attempts to exploit the vulnerability. While the other options may provide some level of security, they may not directly address the vulnerability and may not reduce the risk to an acceptable level.

Andre876 (Option: D)

Tough one, but I believe it is D. Why? The issue is confidentiality of information; I am thinking that to prevent an attacker from performing a MITM attack, a VPN would encrypt the traffic going across the internet. The VPN is the only thing that can guarantee confidentiality while data is in motion in this scenario.

angryelvis

Interesting view. VPN addresses the unauthorized user; an official library with app review should prevent recurrence. Answer C is also good but overkill when compared to this. You persuaded me.

RevZig67 (Option: C)

Best answer.

cyspec (Option: C)

MFA to prevent stolen information from being used to log on. WAF to prevent the vulnerability from being used.

Delab202 (Option: C)

To reduce the risk to an acceptable level until the issue can be fixed, the BEST option is: C. Implement MFA, review the application logs, and deploy a WAF (Web Application Firewall).

lifeblood12005 (Option: C)

As we cannot fix the vulnerability in the code right away, we can have rules in the WAF to mitigate the risk. The correct answer is: Implement MFA, review the application logs, and deploy a WAF.

FOURDUE (Option: C)

Here is my concern with D. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. If they can't fix the issue right away, then why would they perform a full application review? Also, an official open-source library where a vulnerability already exists? Going with MFA.

FOURDUE

WAF pros: web traffic filtering; bot control; real-time visibility; easy to monitor web traffic; protection against any type of attack, like SQL code injection; easy to create the rules; easy to filter the packets as per your requirement; DDoS attack prevention; it protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP); the user can choose the traffic of their applications.

FOURDUE

Specifying a repository serves no purpose. You already know the library has a vulnerability. You need something which mitigates the unauthorized access, which MFA does, and a properly configured WAF would also provide protection.

ryanzou (Option: C)

C should be the answer.

23169fd (Option: C)

This combination provides both proactive and reactive measures that can be implemented relatively quickly to mitigate the risk while a permanent fix is developed.

wizwiz (Option: D)

It cannot be C, as MFA will do nothing to protect you from the library vulnerability which allows unauthorized access. VPN will allow only authenticated/authorized users access to the system. I think D is the appropriate answer.