CV0-004 · Question #220
CV0-004 Question #220: Real Exam Question with Answer & Explanation
The correct answer is C: Add an ACL to the VM subnet.. After a WAF deployment fails to prevent an exploit, adding an Access Control List (ACL) to the Virtual Machine (VM) subnet can be an effective control. ACLs provide an additional layer of security by explicitly defining which traffic can or cannot enter a network segment. By sett
Question
A cross-site request forgery vulnerability exploited a web application that was hosted in a public laaS network. A security engineer determined that deploying a WAF in blocking mode at a CDN would prevent the application from being exploited again. However, a week after implementing the WAF, the application was exploited again. Which of the following should the security engineer do to make the WAF control effective?
Options
- AConfigure the DDoS protection on the CDN.
- BInstall endpoint protection software on the VMs
- CAdd an ACL to the VM subnet.
- DDeploy an IDS on the laaS network.
Explanation
After a WAF deployment fails to prevent an exploit, adding an Access Control List (ACL) to the Virtual Machine (VM) subnet can be an effective control. ACLs provide an additional layer of security by explicitly defining which traffic can or cannot enter a network segment. By setting granular rules based on IP addresses, protocols, and ports, ACLs help to restrict access to resources, thereby mitigating potential exploits and enhancing the security of the IaaS network.
Topics
Community Discussion
No community discussion yet for this question.