CompTIA CySA+ (CS0-001) — Question 258

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

Answer options

• A. The security analyst should recommend this device be placed behind a WAF.
• B. The security analyst should recommend an IDS be placed on the network segment.
• C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
• D. The security analyst should recommend this device be included in regular vulnerability scans.

Correct answer: A

Explanation

Recommending the device be placed behind a WAF (Web Application Firewall) is the correct answer because a WAF can help filter and monitor HTTP requests, thereby mitigating SQL injection attacks. The other options, while useful for security, do not directly address the SQL injection vulnerability; an IDS only detects intrusions, exporting logs to a SIEM aids in analysis but does not prevent attacks, and vulnerability scans do not provide real-time protection.