DRAG DROP
You suspect that multiple unrelated security events have occurred on several nodes on a corporate network.
You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs shown a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.
Instructions:
The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable.
Some actions may not be required and each actions can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Select and Place:
Answer: See the explanation.
Explanation:
Marketing PC has no recommended solutions, despite it seeding what appears to be a torrent?
Not sure if these answers are correct.
Believe the answer for web server should be secure coding based on entries in the log such as:
SELECT 1,pass,cc FROM users where uname ‘test’
Potentially allows for SQL injection.
Answer for marketing PC should be application whitelisting (to prevent the torrent client being installed).
0
0