A cross-site request forgery vulnerability exploited a web application that was hosted in a public IaaS network. A security engineer determined that deploying a WAF in blocking mode at a CDN would prevent the application from being exploited again. However, a week after implementing the WAF, the application was exploited again.
Which of the following should the security engineer do to make the WAF control effective?
A. Configure the DDoS protection on the CDN.
B. Install endpoint protection software on the VMs.
C. Add an ACL to the VM subnet.
D. Deploy an IDS on the IaaS network.
Answer: C
Explanation:
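After a WAF deployment fails to prevent an exploit, adding an Access Control List (ACL) to the Virtual Machine (VM) subnet can be an effective control. A WAF deployed at the CDN inspects only the requests that pass through the CDN; if the VM subnet still accepts traffic from any source, requests sent directly to the VMs never reach the WAF. ACLs provide an additional layer of security by explicitly defining which traffic can or cannot enter a network segment. By setting granular rules based on IP addresses, protocols, and ports, ACLs restrict access to resources, so that only traffic arriving through the CDN and its WAF is admitted to the subnet, thereby mitigating potential exploits and enhancing the security of the IaaS network.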
Reference: CompTIA Cloud+ materials cover governance, risk, compliance, and security for the cloud, including the implementation of network security controls like ACLs, to protect cloud environments from unauthorized access and potential security threats.