An organization has recently experienced a data breach where large amounts of personal data were compromised. As part of a post-incident review, the privacy technologist wants to analyze available data to understand what vulnerabilities may have contributed to the incident occurring. He learns that a key vulnerability had been flagged by the system but that detective controls were not operating effectively.
Which type of web application security risk does this finding most likely point to?
A . Insecure Design.
B. Misconfiguration.
C. Vulnerable and Outdated Components.
D. Logging and Monitoring Failures.
Answer: D
Explanation:
if an organization has recently experienced a data breach where large amounts of personal data were compromised and a post-incident review reveals that a key vulnerability had been flagged by the system but that detective controls were not operating effectively, this finding most likely points to logging and monitoring failures as a type of web application security risk. Effective logging and monitoring can help detect and respond to security incidents in a timely manner.
Latest CIPT Dumps Valid Version with 90 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund