200-201 • Practice Test 14
200-201 practice test: 15 questions with explanations. Set 14.
You are a cybersecurity analyst at a large enterprise. The NOC team reports that users are experiencing intermittent connectivity to the company's internal web application hosted on 192.168.1.100:443. You review the IPS logs and see repeated alerts for signature 'ET WEB_SERVER Possible HTTP Response Splitting' triggered by traffic from the web server to internal clients. The signature fires on responses containing CRLF sequences. You examine a packet capture and observe that the web server sends HTTP responses with legitimate headers but occasionally includes extra CRLF sequences in the body. The application developers confirm that the web application is custom and uses unfiltered user input in HTTP headers. The security policy requires that all internal traffic be inspected and blocked by the IPS. What is the best course of action?