A security analyst is reviewing the results of a vulnerability scan
Question
A security analyst is reviewing the results of a vulnerability scan. The organization has the following policies regarding vulnerability remediation:

- False positives can be ignored.
- CVSS scores of 7 and higher must be patched within one week; any lower scores can wait for the next regular patch cycle.
- Database servers take priority and must be patched within one week regardless of CVSS score.
- Web servers must be patched within one week regardless of CVSS score but are secondary in priority to database servers.
- All other servers must be patched within 30 days.

Which of the following results must be patched within the week? (Select TWO)

Vulnerability: CVE-2007-4465
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML.
Severity: 7.3 (high)
Expected Result: mod_autoindex.c v2.26 or greater
Current Value: mod_autoindex.c v2.21

Vulnerability: CVE-2006-5752
Cross-site scripting (XSS) vulnerability in the mod_status module of Apache server (httpd), when ExtendedStatus is enabled and a public-server-status page is used, allows remote attackers to inject arbitrary web script or HTML.
Severity: 4.1 (medium)

Vulnerability: CVE-2015-1635
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka HTTP.sys impacting all IE versions with remote code execution vulnerability.
Severity: 62 (medium)
Expected Result: enforceHTTPValidation 'enabled'
Explanation / Answer
Results D and A must be resolved within a week because:
D: Result D comes under the category of database servers, so it must be dealt with within a week regardless of its CVSS score.
A: A has a score of 7.3, and the organisation's policy states that if the CVSS score is greater than 7 and there is no database server in danger, then the result with a CVSS score > 7 must be dealt with within a week.
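
The remediation policy from the question, written as a triage function over scan findings. This is an added example, not part of the original question or answer: the finding ids, server roles and sample scores are constructed, and both the rank given to high-scoring findings on other servers and the 30-day bound for lower scores are assumptions about how the policy lines combine.

```python
from dataclasses import dataclass

WEEK_DAYS, CYCLE_LIMIT_DAYS = 7, 30

@dataclass(frozen=True)
class Finding:
    finding_id: str              # constructed label, not a scanner field
    server_role: str             # "database", "web", or any other role
    cvss: float
    false_positive: bool = False

def triage(f: Finding):
    """Return (priority_rank, deadline_days), or None when the finding is ignored."""
    if f.false_positive:
        return None              # policy: false positives can be ignored
    if not 0.0 <= f.cvss <= 10.0:
        # An out-of-range value is a parsing error, not a critical score.
        raise ValueError(f"{f.finding_id}: CVSS {f.cvss} is outside 0.0-10.0")
    if f.server_role == "database":
        return (1, WEEK_DAYS)    # first priority, regardless of score
    if f.server_role == "web":
        return (2, WEEK_DAYS)    # one week, secondary to database servers
    if f.cvss >= 7.0:
        return (3, WEEK_DAYS)    # assumption: ranked after database and web
    # Assumption: lower scores on other servers wait for the regular cycle,
    # bounded by the 30-day limit for "all other servers".
    return (4, CYCLE_LIMIT_DAYS)

def patch_queue(findings):
    """Order actionable findings by policy rank, then by descending CVSS."""
    ranked = []
    for f in findings:
        result = triage(f)
        if result is not None:
            rank, days = result
            ranked.append((rank, -f.cvss, f.finding_id, days))
    return [(fid, days) for _, _, fid, days in sorted(ranked)]

def due_within_week(findings):
    """Ids of findings whose deadline is one week, in patching order."""
    return [fid for fid, days in patch_queue(findings) if days == WEEK_DAYS]

# Constructed sample findings; ids, roles and scores are invented for illustration.
SAMPLE = [
    Finding("F-1", "web", 4.1),
    Finding("F-2", "file", 7.3),
    Finding("F-3", "database", 3.0),
    Finding("F-4", "file", 5.0),
    Finding("F-5", "database", 9.8, false_positive=True),
]
```

The order of the checks carries the policy: the server role is evaluated before the score, so a low-scoring finding on a database or web server still lands in the one-week queue.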