A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)
It's A & D. Hardening existing applications will derive no benefits whatsoever from "Sandboxing."
However, aside from enabling Auto-Updates of their applications, they might also want to safeguard 3rd-Party Solutions (CRM, ERP, Web-based solutions, etc.) by ensuring they are regularly patched/updated.
Every other option would be "chasing shadows."
OK, so I wasn't the only one thinking this way, based on how the question is worded. I'm not understanding what sandboxing has to do with hardening the vulnerabilities right now when it could be as easy as updating and auto-updating. IDK, maybe I'm wrong though.
B. HTTP headers: Configuring secure HTTP headers can help protect against various web application vulnerabilities, such as cross-site scripting (XSS), clickjacking, and certain types of information leakage.
C. Secure cookies: Ensuring that cookies are secure and properly configured helps prevent various attacks like session hijacking and cookie tampering.
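A defender's check for the two controls this comment names (options B and C), written as an added example that is not from the thread: it audits a response's security headers and Set-Cookie attributes. The required-header list, the finding messages and both sample responses are constructed assumptions, not taken from the page.

```python
# Added example, not from the thread: audit an HTTP response for the
# hardening controls in options B (headers) and C (secure cookies).
CSP = "content-security-policy"
# Headers checked for option B, with the finding raised when one is missing.
REQUIRED_HEADERS = {
    "strict-transport-security": "missing HSTS (protocol downgrade exposure)",
    "x-content-type-options": "missing X-Content-Type-Options (MIME sniffing)",
    CSP: "missing Content-Security-Policy (XSS mitigation)",
}

# Cookie attributes checked for option C; a session cookie without them is weak.
REQUIRED_COOKIE_ATTRS = ("secure", "httponly", "samesite")


def audit_response(headers):
    """Return a list of findings for a list of (name, value) response headers."""
    findings = []
    lowered = {name.lower(): value for name, value in headers}

    for name, finding in REQUIRED_HEADERS.items():
        if name not in lowered:
            findings.append(finding)

    # Clickjacking: accept X-Frame-Options or a CSP frame-ancestors directive.
    if "x-frame-options" not in lowered and "frame-ancestors" not in lowered.get(CSP, ""):
        findings.append("no clickjacking protection (X-Frame-Options / frame-ancestors)")

    # Set-Cookie may repeat, so walk the raw list rather than the dict.
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        for attr in REQUIRED_COOKIE_ATTRS:
            if attr not in attrs:
                findings.append(f"cookie {cookie_name!r} lacks {attr}")
    return findings


# Constructed sample responses: WEAK is the "before", HARDENED the "after".
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"),
]
```

Running `audit_response(WEAK)` yields seven findings (three missing headers, no clickjacking protection, and three missing cookie attributes), while the hardened response yields none.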
Auto-update does not reduce application vulnerabilities, per se. They can actually increase vulnerabilities in many cases. Also, updates can be for new features and, in the enterprise environment, auto-updating can destabilize many systems (making them less secure), which is why you should test thoroughly before doing so. Sandboxing doesn't actually fix vulnerabilities in apps nor does it harden them; it merely mitigates them (the apps, themselves, are still vulnerable).
A. Auto-update
B. HTTP headers
Auto-update ensures that software remains up-to-date with the latest security patches, addressing known vulnerabilities promptly. Configuring HTTP headers properly enhances web application security by mitigating common web-based attacks. These proactive measures can significantly reduce the attack surface and strengthen the overall security posture of the applications.
Going a bit against the grain and saying A & D, since it asks what should be done first. Sandboxing or HTTP stuff is nice in certain cases, but if your software isn't patched then that's the number one way it will become vulnerable, whether it's first party or third party.
A & F. Auto-update ensures that all software has the latest security patches, minimizing security risks. Sandboxing is a security mechanism for separating running programs, often used to execute untested code, preventing software vulnerabilities from spreading across the system.
Auto-update is not hardening, so it's out. B & C are application hardening methods (for web apps including intranet apps - which is extremely common today)
D is not hardening, per se (one bad update can weaken a system; ask Microsoft).
E & G are not application hardening, either (they protect data at rest, not really the application).
F is a hardening technique for an entire system, not really just an application.
Who told you auto-update is not a hardening technique? I would advise you to read more before posting, unless you are really sure, as this is causing so much confusion. https://checklist.gg/templates/software-hardening-checklist
Sandboxing is used for containment/isolation. For example, a web browser can be run in a sandbox to mitigate attacks through the browser (i.e. malvertising, drive-by downloads, browser zero-days, etc.). iOS employs sandboxing for all its running apps. Sandboxing can be used for testing, but it's not the sole purpose.
As usual, we are stuck in uncertainty due to the poor wording of the question and are forced to make an inference. Personally, I like BC over AD.
I think generally, CompTIA teaches us to be wary of auto-update policies in enterprise environments, and instead preaches the use of patch management suites. I think this can be attributed to auto-updates having the potential to cause compatibility, performance, and availability issues. I'm using similar reasoning to be wary of third-party updates -- patch management can help vet/schedule those updates so they are implemented seamlessly.
Therefore, I'm more comfortable making the inference of web application security, resulting in my decision to select BC.
So with this question, all other options are things that are good security measures.
A) A good security practice, but not hardening.
D) Same as A.
E) A protective measure.
F) Limits an application's "reach" so it doesn't access other parts of the system.
G) Same as E.
I could be wrong, but just based on the way the question was worded, and it is worded horribly, the only two that I could think would apply in this situation are B and C.
I picked B & C because they are specific to actual application hardening, not mitigating attack surface (sandboxing is not app hardening, but network hardening & risk mitigation)
A. Auto-update
D. Third-party updates
I've done some research on the top system hardening actions to take first.
Multiple sources are saying that these are the most important things.
-- Auto OS updates
-- Keep third party software on the system patched.
Since the question says "existing solutions", it makes me think this is in reference to third-party software, which could also be accessed via a web application. Based on the "existing solutions" I would use A.) Auto-update.
F.) Sandboxing - I would consider this something I would do "FIRST" to mitigate application related vulnerabilities; especially if there is a third-party application with unpatchable vulnerabilities.
The question seems to lack any meaningful context. What type of application is it? What is the environment?
Some folks here assume a web app, but I would not be so sure.
A. Auto-update: Implementing auto-updates ensures that your applications are always running the most recent and secure versions.
C. Secure cookies: Many web applications use cookies to maintain session state and store user-specific information. If these cookies are compromised, it could lead to session hijacking or unauthorized access.
In a general context where the goal is to reduce application vulnerabilities, it’s reasonable to prioritize measures that address common software vulnerabilities and protect against potential threats.
Sandboxing often takes priority because it directly mitigates application-related vulnerabilities and helps prevent malicious code or actions within an application from affecting the broader system.
Full disk encryption, while important for data security, primarily addresses data-at-rest protection. While valuable, it doesn't directly reduce application vulnerabilities.
So, when the goal is to reduce application vulnerabilities, prioritizing sandboxing over full disk encryption makes more sense.
Most of us here are arguing based on web-based application security or the general context of app security at first instance. Indeed, the question clearly said reduce app vulnerabilities, not web applications; it just needs a bit more scrutiny.