Reducing Risk of High-Severity Vulnerability | Risk Mitigation Strategies | CompTIA CASP+

Mitigating Risk for a High-Severity Vulnerability

Question

A high-severity vulnerability was found on a web application and introduced to the enterprise.

The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information.

The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Answers

Explanations



D.

https://www.microfocus.com/en-us/what-is/sast

The scenario described in the question states that a high-severity vulnerability has been found on a web application, which could allow an unauthorized user to view privileged user information using an open-source library. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. Therefore, the question asks which of the following measures should be implemented to reduce the risk to an acceptable level until the issue can be fixed.

A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training. This option suggests three measures to be implemented to reduce the risk: scanning the code with a static code analyzer, changing privileged user passwords, and providing security training. Scanning the code with a static code analyzer can identify potential vulnerabilities in the code, but it may not catch all types of vulnerabilities. Changing privileged user passwords is a good practice, but it will not address the vulnerability caused by the open-source library. Providing security training can help users to identify and prevent security risks, but it is not directly related to mitigating the vulnerability.

B. Change privileged usernames, review the OS logs, and deploy hardware tokens. This option suggests three measures to be implemented to reduce the risk: changing privileged usernames, reviewing the OS logs, and deploying hardware tokens. Changing privileged usernames may make it harder for attackers to guess the usernames, but it will not address the vulnerability caused by the open-source library. Reviewing the OS logs can help identify potential attacks, but it will not prevent the vulnerability. Deploying hardware tokens can add an extra layer of security, but it will not directly address the vulnerability.

C. Implement MFA, review the application logs, and deploy a WAF. This option suggests three measures to be implemented to reduce the risk: implementing MFA, reviewing the application logs, and deploying a WAF (Web Application Firewall). Implementing MFA (Multi-Factor Authentication) can prevent unauthorized access to the system, which reduces the risk that the vulnerability is reached by an unauthenticated party. Reviewing the application logs can help identify attempted attacks and provide insight into whether and how the vulnerability is being exploited. Deploying a WAF can block known and many unknown attack patterns at the application layer, which helps mitigate the vulnerability until the code is fixed.

D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities. This option suggests three measures to be implemented to reduce the risk: deploying a VPN, configuring an official open-source library repository, and performing a full application review for vulnerabilities. Deploying a VPN can protect the communication between the users and the application, but it will not address the vulnerability caused by the open-source library. Configuring an official open-source library repository can ensure that the open-source library used in the application is the latest version and free of known vulnerabilities, which can help mitigate the vulnerability. Performing a full application review for vulnerabilities can identify potential vulnerabilities in the application, which can help reduce the risk caused by the vulnerability.

Based on the options provided, the most appropriate answer is option C, which suggests implementing MFA, reviewing the application logs, and deploying a WAF. These are compensating controls: they do not remove the vulnerability, but they reduce the risk it poses until the developers can fix the issue.
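To make option C concrete, the following Python sketch shows how the three controls fit together as a temporary compensating control: a WAF-style request filter (a "virtual patch") that only lets MFA-verified, authenticated users reach the endpoint served by the vulnerable library, writing every decision to the application log, and a log-review routine that surfaces sources repeatedly denied at that endpoint. This is an added example, not code from the question page or from any CASP+ material; the endpoint path, the `Request` shape and the sample traffic are all constructed assumptions.

```python
"""Compensating controls for an unpatched web-app flaw (added example).
Virtual-patch filter + application-log review; all inputs are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: the vulnerable open-source library serves privileged user
# profiles under this path. A real deployment would list its own routes.
PROTECTED_PATH = re.compile(r"^/api/users/\d+/profile$")


@dataclass
class Request:
    path: str
    method: str
    user: Optional[str]          # None means an unauthenticated request
    mfa_verified: bool = False   # set by the MFA step of the login flow
    source_ip: str = "0.0.0.0"


@dataclass
class Decision:
    allowed: bool
    reason: str


def virtual_patch(req: Request, log: List[str]) -> Decision:
    """WAF-style pre-filter placed in front of the vulnerable endpoint.
    Until the library is fixed, only MFA-verified authenticated users may
    reach it; every denial is logged so it can be reviewed later."""
    if not PROTECTED_PATH.match(req.path):
        return Decision(True, "not a protected path")
    if req.user is None:
        log.append(f"DENY anon ip={req.source_ip} path={req.path} reason=unauthenticated")
        return Decision(False, "unauthenticated")
    if not req.mfa_verified:
        log.append(f"DENY user={req.user} ip={req.source_ip} path={req.path} reason=no-mfa")
        return Decision(False, "mfa required")
    log.append(f"ALLOW user={req.user} ip={req.source_ip} path={req.path}")
    return Decision(True, "authenticated with mfa")


# Matches only the DENY lines written by virtual_patch().
DENY_LINE = re.compile(r"^DENY (?:anon|user=\S+) ip=(?P<ip>\S+) path=\S+ reason=(?P<reason>\S+)$")


def review_logs(lines: List[str], threshold: int = 3) -> Dict[str, int]:
    """Application-log review: count denials per source IP and return the
    sources at or above the threshold, i.e. those probing the endpoint."""
    denials: Counter = Counter()
    for line in lines:
        m = DENY_LINE.match(line)
        if m:
            denials[m.group("ip")] += 1
    return {ip: n for ip, n in denials.items() if n >= threshold}


def run_demo() -> Tuple[List[Decision], Dict[str, int]]:
    """Run constructed sample traffic through the filter, then review the log."""
    traffic = [
        Request("/api/users/7/profile", "GET", None, source_ip="198.51.100.9"),
        Request("/api/users/8/profile", "GET", None, source_ip="198.51.100.9"),
        Request("/api/users/9/profile", "GET", None, source_ip="198.51.100.9"),
        Request("/api/users/1/profile", "GET", "alice", mfa_verified=False, source_ip="203.0.113.5"),
        Request("/api/users/2/profile", "GET", "bob", mfa_verified=True, source_ip="203.0.113.6"),
        Request("/public/health", "GET", None, source_ip="203.0.113.7"),
    ]
    log: List[str] = []
    decisions = [virtual_patch(req, log) for req in traffic]
    flagged = review_logs(log, threshold=3)
    return decisions, flagged


if __name__ == "__main__":
    decisions, flagged = run_demo()
    for d in decisions:
        print("ALLOW" if d.allowed else "DENY ", d.reason)
    print("sources to investigate:", flagged)
```

The filter deliberately fails closed on the protected path: anything that is not an MFA-verified session is refused, while unrelated routes pass through untouched so the rest of the application keeps working. The review step reads back the same log the filter writes, which is what turns "review the application logs" from a passive activity into a signal that the compensating control is being tested.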