ExamGecko
Search Search Login
Home Home / ISC / CCSP
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Over time, what is a primary concern for data archiving?
Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?
Which United States law is focused on accounting and financial practices of organizations?
Which type of testing uses the same strategies and toolsets that hackers would use?
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
What concept does the "D" represent with the STRIDE threat model?
What is the data encapsulation used with the SOAP protocol referred to?
What is the biggest benefit to leasing space in a data center versus building or maintain your own?
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?

Question 84 - CCSP discussion

Report
Export

Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?

A.
Sensitive data exposure
Answers
A.
Sensitive data exposure
B.
Security misconfiguration
Answers
B.
Security misconfiguration
C.
Insecure direct object references
Answers
C.
Insecure direct object references
D.
Unvalidated redirect and forwards
Answers
D.
Unvalidated redirect and forwards
Suggested answer: C

Explanation:

An insecure direct object reference occurs when a developer has in their code a reference to something on the application side, such as a database key, the directory structure of the application, configuration information about the hosting system, or any other information that pertains to the workings of the application that should not be exposed to users or the network. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware of phishing attacks. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data. Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.

Show Answer
asked 18/09/2024
Lee Greenshields
37 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms