A. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.

B. XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.

C. A successful MITM attack Could intercept the redirect and use sslstrip to decrypt further HTTPS traffic.
Implementing HSTS on the web server would prevent this.

D. The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.

A. Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises

B. Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully

C. Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

D. The consolidation of two different IT enterprises increases the likelihood of the data loss because there are now two backup systems

A. NFC

B. UEFI

C. Biometrics

D. HSM

E. SEAndroid

F. Secure element

A. Access is limited to interactive logins on the VDi

B. Access is captured in event logs that include source address, time stamp, and outcome

C. Access to hardware platforms is restricted to the systems administrator's IP address

D. Application logs are hashed cryptographically and sent to the SIEM

E. The IP addresses of server management interfaces are located within the company's extranet

F. Integrated platform management interfaces are configured to allow access only via SSH

A. 시엠

B. 취약점 스캐너

C. 포트 스캐너

D. SCAP 스캐너