Which of the following are security weaknesses in this example?

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{
  "account": [
    { "creditAccount": "Credit Card Rewards account" },
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" }
  ],
  "customer": [
    { "name": "Joe Citizen" },
    { "custRef": "3153151" }
  ]
}

The banking website responds with:

HTTP/1.1 200 OK

{
  "newAccountDetails": [
    { "cardNumber": "1234123412341234" },
    { "cardExpiry": "2020-12-31" },
    { "cardCVV": "909" }
  ],
  "marketingCookieTracker": "JSESSIONID=000000001",
  "returnCode": "Account added successfully"
}

Which of the following are security weaknesses in this example? (Select TWO). […]


Which of the following should the security administrator

A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information […]


which of the following options is MOST accurate?

A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage […]


Which of the following software development methods is

A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with […]


which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the […]


Which of the following denotes the BEST way to mitigate

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP […]


which of the following operating systems is MOST likely running on the unknown

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

user@hostname:~$ sudo nmap -O 192.168.1.54

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778

Based on this information, […]
