Question
a.
Requiring HTTPS
b.
Encrypting session cookies
c.
Implementing multifactor authentication
d.
Restricting redirects to her domain
Posted under CompTIA PenTest+ Certification Exam PT0 002
Engage with the Community - Add Your Comment
Confused About the Answer? Ask for Details Here.
Know the Explanation? Add it Here.
Q. Sherry is concerned that a web application in her organization supports unvalidated redirects. Which one of the following approaches would minimize the risk of this attack?
Similar Questions
Discover Related MCQs
Q. Joe checks his web server logs and sees that someone sent the following query string to an application running on the server:
http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;--
What type of attack was most likely attempted?
View solution
Q. Upon further inspection, Joe finds a series of thousands of requests to the same URL coming from a single IP address. Here are a few examples:
http://www.mycompany.com/servicestatus.php?serviceID=1
http://www.mycompany.com/servicestatus.php?serviceID=2
http://www.mycompany.com/servicestatus.php?serviceID=3
http://www.mycompany.com/servicestatus.php?serviceID=4
http://www.mycompany.com/servicestatus.php?serviceID=5
http://www.mycompany.com/servicestatus.php?serviceID=6
What type of vulnerability was the attacker likely trying to exploit?
View solution
Q. Joe’s adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request:
http://www.mycompany.com/../../../etc/passwd
What type of attack was most likely attempted?
View solution
Q. What type of attack depends on the fact that users are often logged into many websites simultaneously in the same browser?
View solution
Q. What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?
View solution
Q. Which one of the following attacks is an example of a race condition exploitation?
View solution
Q. Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?
View solution
Q. Which one of the following tools may be used to debug applications written on a Mac platform?
View solution
Q. Norm is performing a penetration test of a web application and would like to manipulate the input sent to the application before it leaves his browser. Which one of the following tools would assist him with this task?
View solution
Q. What control is most commonly used to secure access to API interfaces?
View solution
Q. Which one of the following is a debugging tool compatible with Linux systems?
View solution
Q. During a penetration test, Bonnie discovers in a web server log that the testers attempted to access the following URL:
http://www.mycompany.com/sortusers.php?file=C:\uploads\attack.exe
What type of attack did they most likely attempt?
View solution
Suggested Topics
Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.
Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!
