A security administrator receives alerts from the perimeter UTM.
Upon checking the logs, the administrator finds the following output:
Time: 12/25 0300
From Zone: Untrust
To Zone: DMZ
Attacker: externalip.com
Victim: 172.16.0.20
To Port: 80
Action: Alert
Severity: Critical
When examining the PCAP associated with the event, the security administrator finds the following information:
<script> alert ("Click here for important information regarding your account! http://externalip.com/account.php"); </script>
Which of the following actions should the security administrator take?
A . Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
B . Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
C . Implement a host-based firewall rule to block future events of this type from occurring.
D . Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.
Answer: B
Leave a Reply