
CAS-003 Exam Questions Tutorials

Page: 20 / 25
Question 80

A developer has executed code for a website that allows users to search for employees' phone numbers by last name. The query string sent by the browser is as follows:

te.com/search.php?q=SMITH

The developer has implemented a well-known JavaScript sanitization library and stored procedures, but a penetration test shows the website is vulnerable to XSS. Which of the following should the developer implement NEXT to prevent XSS? (Choose two.)

Options:

A. Sanitization library

B. Secure cookies

C. TLS encryption

D. Input serialization

E. Output encoding

F. PUT form submission

Question 81

A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resulting in a DoS. When the service crashes, a core dump is left in the /tmp directory. Which of the following tools can the systems administrator use to reproduce these symptoms?

Options:

A. Fuzzer

B. Vulnerability scanner

C. Core dump analyzer

D. Debugger

Question 82

A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary. Which of the following is the MOST likely explanation for why the organization's network was compromised?

Options:

A. There was a false positive since the network was fully patched.

B. The system administrator did not perform a full system scan.

C. The systems administrator performed a credentialed scan.

D. The vulnerability database was not updated.

Question 83

A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase.

* Each device must be issued a secure token of trust from the corporate PKI.

* All corporate application and local data must be able to be deleted from a central console.

* Cloud storage and backup applications must be restricted from the device.

* Devices must be on the latest OS version within three weeks of an OS release.

Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO.)

Options:

A. Application-based containerization

B. Enforced full-device encryption

C. Mandatory acceptance of SCEP system

D. Side-loaded application prevention

E. Biometric requirement to unlock device

F. Over-the-air restriction

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Apr 14, 2023
Questions: 683