Question An attack has occurred against a company. You have been tasked to do th
ID: 3919229 • Letter: Q
Question
Question An attack has occurred against a company. You have been tasked to do the following: 1. Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output 2. Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. Instructions: All objects will be used, but not all placeholders may be filled. Objects may only be used once. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue
Explanation / Answer
Database - Record level access control (Which restricts anyone without the access to the database)
Web server - URL filtering, Input Validation (Input validation can be used on both CRM server as well as Web server it depends on the attack, URL filtering can be used so that only http will work on the server)
Application source code within repository -Code Review (will give away the bugs in the code and make the security of the network even stronger)
CRM server - WAF (Provides a firewall for the CRM application server can also be used on the Web server)