Results
#1. Which of the following tools would work best to prevent the exposure of PII outside of an organization?
#2. A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?
#3. Which of the following items should be included in a vulnerability scan report? (Choose two.)
Select all that apply:
#4. 1. An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).
Select all that apply:
– Implementing compensating controls in the source code and fixing the vulnerability using a virtual patch at the WAF are effective ways to mitigate an XSS vulnerability.
– The WAF can block malicious payloads, and compensating controls in the source code can sanitize input to prevent exploitation.