An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 C Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 C For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
A . Apply a hidden field that triggers a SIEM alert
B . Cross site scripting attack
C . Resource exhaustion attack
D . Input a blacklist of all known BOT malware IPs into the firewall
E . SQL injection
F . Implement an inline WAF and integrate into SIEM
G . Distributed denial of service
H . Implement firewall rules to block the attacking IP addresses
Answer: C, F
Leave a Reply