A security engineer is reviewing the following piece of code for an internally developed web application that allows employees to manipulate documents from a number of internal servers. Users can specify the document to be parsed by passing the document URL to the application as a parameter. The application then executes the following Python call: response = requests.get(url) The engineer wants to improve the security of the application before deployment. Which of the following is the best to implement?
During a security assessment, a penetration tester executed the following attack: The tester then shared the results with the security analyst. Which of the following should the analyst do to remediate the attack?
Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Choose two.)
A security engineer wants to reduce the attack surface of a public-facing containerized application. Which of the following will best reduce the application's privilege escalation attack surface?
A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository. The security team needs to be able to quickly evaluate whether to respond to a given vulnerability. Which of the following will allow the security team to achieve the objective with the least effort?
A company plans to implement a research facility with intellectual property data that should be protected. The following is the security diagram proposed by the security architect: Which of the following security architect models is illustrated by the diagram?