[Jun 23, 2023] ECCouncil 312-50v12 Exam Dumps Files, Q1/178: Ron, a security professional, was pen testing web applications and SaaS platforms used by his company.

Join the discussion

Question 1/178

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?

A. Business logic flaws

B. Improper use of CORS

C. Code injections

D. No ABAC validation

Add Comments

Other Question (178q): Q1. Ron, a security professional, was pen testing web applications and SaaS platforms used by ...; Q2. Todd has been asked by the security officer to purchase a counter-based authentication sys...; Q3. The "Gray-box testing" methodology enforces what kind of restriction?...; Q4. A post-breach forensic investigation revealed that a known vulnerability in Apache Struts ...; Q5. what are common files on a web server that can be misconfigured and provide useful Informa...; Q6. Which of the following statements is FALSE with respect to Intrusion Detection Systems?...; Q7. Identify the correct terminology that defines the above statement....; Q8. Which Nmap switch helps evade IDS or firewalls?...; Q9. Cross-site request forgery involves:; Q10. David is a security professional working in an organization, and he is implementing a vuln...; Q11. Peter is surfing the internet looking for information about DX Company. Which hacking proc...; Q12. A hacker is an intelligent individual with excellent computer skills and the ability to ex...; Q13. DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which sec...; Q14. PGP, SSL, and IKE are all examples of which type of cryptography?...; Q15. In the field of cryptanalysis, what is meant by a "rubber-hose" attack?...; Q16. Stephen, an attacker, targeted the industrial control systems of an organization. He gener...; Q17. You have successfully comprised a server having an IP address of 10.10.0.5. You would like...; Q18. An LDAP directory can be used to store information similar to a SQL database. LDAP uses a ...; Q19. Roma is a member of a security team. She was tasked with protecting the internal network o...; Q20. Your organization has signed an agreement with a web hosting provider that requires you to...; Q21. You have the SOA presented below in your Zone. Your secondary servers have not been able t...; Q22. Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into ...; Q23. Techno Security Inc. recently hired John as a penetration tester. He was tasked with ident...; Q24. Attacker Rony installed a rogue access point within an organization's perimeter and attemp...; Q25. Which of the following is a component of a risk assessment?...; Q26. Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has lear...; Q27. What is the BEST alternative if you discover that a rootkit has been installed on one of y...; Q28. Samuel, a professional hacker, monitored and Intercepted already established traffic betwe...; Q29. What is the following command used for? sqlmap.py-u ,,http://10.10.1.20/?p=1&forumacti...; Q30. An organization decided to harden its security against web-application and web-server atta...; Q31. An organization decided to harden its security against web-application and web-server atta...; Q32. Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her c...; Q33. Bob is doing a password assessment for one of his clients. Bob suspects that security poli...; Q34. Which tier in the N-tier application architecture is responsible for moving and processing...; Q35. Which wireless security protocol replaces the personal pre-shared key (PSK) authentication...; Q36. An attacker has installed a RAT on a host. The attacker wants to ensure that when a user a...; Q37. OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of...; Q38. Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. ...; Q39. You have successfully logged on a Linux system. You want to now cover your trade Your logi...; Q40. Bill has been hired as a penetration tester and cyber security auditor for a major credit ...; Q41. Which of the following are well known password-cracking programs?...; Q42. Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture t...; Q43. Which of the following scanning method splits the TCP header into several packets and make...; Q44. An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SS...; Q45. Which type of sniffing technique is generally referred as MiTM attack? (Exhibit)...; Q46. What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd...; Q47. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99...; Q48. Suppose that you test an application for the SQL injection vulnerability. You know that th...; Q49. An Internet Service Provider (ISP) has a need to authenticate users connecting via analog ...; Q50. Suppose that you test an application for the SQL injection vulnerability. You know that th...; Q51. Boney, a professional hacker, targets an organization for financial benefits. He performs ...; Q52. Which of the following tools performs comprehensive tests against web servers, including d...; Q53. Which wireless security protocol replaces the personal pre-shared key (PSK) authentication...; Q54. When a security analyst prepares for the formal security assessment - what of the followin...; Q55. Attacker Lauren has gained the credentials of an organization's internal server system, an...; Q56. In both pharming and phishing attacks, an attacker can create websites that look similar t...; Q57. _________ is a type of phishing that targets high-profile executives such as CEOs, CFOs, p...; Q58. Every company needs a formal written document which spells out to employees precisely what...; Q59. By using a smart card and pin, you are using a two-factor authentication that satisfies...; Q60. Firewalls are the software or hardware systems that are able to control and monitor the tr...; Q61. Annie, a cloud security engineer, uses the Docker architecture to employ a client/server m...; Q62. what is the port to block first in case you are suspicious that an loT device has been com...; Q63. Why should the security analyst disable/remove unnecessary ISAPI filters?...; Q64. ping-* 6 192.168.0.101 Output: Pinging 192.168.0.101 with 32 bytes of data: Reply from 192...; Q65. A technician is resolving an issue where a computer is unable to connect to the Internet u...; Q66. Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experien...; Q67. which of the following protocols can be used to secure an LDAP service against anonymous q...; Q68. env x='(){ :;};echo exploit' bash -c 'cat/etc/passwd' What is the Shellshock bash vulnerab...; Q69. Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring t...; Q70. What would be the fastest way to perform content enumeration on a given web server by usin...; Q71. Judy created a forum, one day. she discovers that a user is posting strange images without...; Q72. This type of injection attack does not show any error message. It is difficult to exploit ...; Q73. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/T...; Q74. A penetration tester is performing the footprinting process and is reviewing publicly avai...; Q75. Bill is a network administrator. He wants to eliminate unencrypted traffic inside his comp...; Q76. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN ...; Q77. What tool can crack Windows SMB passwords simply by listening to network traffic?...; Q78. An attacker scans a host with the below command. Which three flags are set? # nmap -sX hos...; Q79. A group of hackers were roaming around a bank office building in a city, driving a luxury ...; Q80. Sam, a web developer, was instructed to incorporate a hybrid encryption software program i...; Q81. Eve is spending her day scanning the library computers. She notices that Alice is using a ...; Q82. Which system consists of a publicly available set of databases that contain domain name re...; Q83. jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's...; Q84. This form of encryption algorithm is asymmetric key block cipher that is characterized by ...; Q85. Firewalk has just completed the second phase (the scanning phase) and a technician receive...; Q86. What is the least important information when you analyze a public IP address in a security...; Q87. A large company intends to use Blackberry for corporate mobile phones and a security analy...; Q88. Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experien...; Q89. John, a disgruntled ex-employee of an organization, contacted a professional hacker to exp...; Q90. A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP reques...; Q91. Within the context of Computer Security, which of the following statements describes Socia...; Q92. Which of the following is the BEST way to defend against network sniffing?...; Q93. Josh has finished scanning a network and has discovered multiple vulnerable services. He k...; Q94. You have successfully comprised a server having an IP address of 10.10.0.5. You would like...; Q95. You went to great lengths to install all the necessary technologies to prevent hacking att...; Q96. What two conditions must a digital signature meet?...; Q97. Why is a penetration test considered to be more thorough than vulnerability scan?...; Q98. If executives are found liable for not properly protecting their company's assets and info...; Q99. John, a professional hacker, decided to use DNS to perform data exfiltration on a target n...; Q100. Your company performs penetration tests and security assessments for small and medium-size...; Q101. Suppose your company has just passed a security risk assessment exercise. The results disp...; Q102. What is not a PCI compliance recommendation?; Q103. Which of the following tools are used for enumeration? (Choose three.)...; Q104. infecting a system with malware and using phishing to gain credentials to a system or web ...; Q105. Harper, a software engineer, is developing an email application. To ensure the confidentia...; Q106. This wireless security protocol allows 192-bit minimum-strength security protocols and cry...; Q107. Robin, a professional hacker, targeted an organization's network to sniff all the traffic....; Q108. You are attempting to run an Nmap port scan on a web server. Which of the following comman...; Q109. Hackers often raise the trust level of a phishing message by modeling the email to look si...; Q110. When considering how an attacker may exploit a web server, what is web server footprinting...; Q111. To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undete...; Q112. What would you enter if you wanted to perform a stealth scan using Nmap?...; Q113. Bob, a network administrator at BigUniversity, realized that some students are connecting ...; Q114. This is an attack that takes advantage of a web site vulnerability in which the site displ...; Q115. Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was design...; Q116. Which of the following allows attackers to draw a map or outline the target organization's...; Q117. Attacker Simon targeted the communication network of an organization and disabled the secu...; Q118. Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a t...; Q119. What does a firewall check to prevent particular ports and applications from getting packe...; Q120. Robert, a professional hacker, is attempting to execute a fault injection attack on a targ...; Q121. Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he ...; Q122. An attacker decided to crack the passwords used by industrial control systems. In this pro...; Q123. Attempting an injection attack on a web server based on responses to True/False...; Q124. Which of the following LM hashes represent a password of less than 8 characters? (Choose t...; Q125. While examining audit logs, you discover that people are able to telnet into the SMTP serv...; Q126. A computer science student needs to fill some information into a secured Adobe PDF job app...; Q127. Which of the following provides a security professional with most information about the sy...; Q128. When a normal TCP connection starts, a destination host receives a SYN (synchronize/start)...; Q129. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?...; Q130. Jake, a professional hacker, installed spyware on a target iPhone to spy on the target use...; Q131. When discussing passwords, what is considered a brute force attack?...; Q132. Gavin owns a white-hat firm and is performing a website security audit for one of his clie...; Q133. Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless...; Q134. "........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate ...; Q135. To hide the file on a Linux system, you have to start the filename with a specific charact...; Q136. What is a NULL scan?; Q137. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common V...; Q138. You need to deploy a new web-based software package for your organization. The package req...; Q139. Shiela is an information security analyst working at HiTech Security Solutions. She is per...; Q140. Robin, a professional hacker, targeted an organization's network to sniff all the traffic....; Q141. As a securing consultant, what are some of the things you would recommend to a company to ...; Q142. You are trying to break into a highly classified top-secret mainframe computer with highes...; Q143. Attacker Rony Installed a rogue access point within an organization's perimeter and attemp...; Q144. Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDE...; Q145. which type of virus can change its own code and then cipher itself multiple times as it re...; Q146. What piece of hardware on a computer's motherboard generates encryption keys and only rele...; Q147. John, a disgruntled ex-employee of an organization, contacted a professional hacker to exp...; Q148. While scanning with Nmap, Patin found several hosts which have the IP ID of incremental se...; Q149. Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machin...; Q150. which of the following Bluetooth hacking techniques refers to the theft of information fro...; Q151. Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless...; Q152. What port number is used by LDAP protocol?; Q153. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur o...; Q154. What is the proper response for a NULL scan if the port is closed?...; Q155. Shellshock allowed an unauthorized user to gain access to a server. It affected many Inter...; Q156. Log monitoring tools performing behavioral analysis have alerted several suspicious logins...; Q157. There have been concerns in your network that the wireless network component is not suffic...; Q158. A company's policy requires employees to perform file transfers using protocols which encr...; Q159. You are a penetration tester tasked with testing the wireless network of your client Brake...; Q160. One of your team members has asked you to analyze the following SOA record. What is the TT...; Q161. The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255...; Q162. Why would you consider sending an email to an address that you know does not exist within ...; Q163. A company's Web development team has become aware of a certain type of security vulnerabil...; Q164. To determine if a software program properly handles a wide range of invalid input, a form ...; Q165. What is a "Collision attack" in cryptography?; Q166. At what stage of the cyber kill chain theory model does data exfiltration occur?...; Q167. You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social...; Q168. A newly joined employee. Janet, has been allocated an existing system used by a previous e...; Q169. The Payment Card Industry Data Security Standard (PCI DSS) contains six different categori...; Q170. is a set of extensions to DNS that provide the origin authentication of DNS data to DNS cl...; Q171. Joel, a professional hacker, targeted a company and identified the types of websites frequ...; Q172. An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code...; Q173. You have been authorized to perform a penetration test against a website. You want to use ...; Q174. Henry is a penetration tester who works for XYZ organization. While performing enumeration...; Q175. Elante company has recently hired James as a penetration tester. He was tasked with perfor...; Q176. Thomas, a cloud security professional, is performing security assessment on cloud services...; Q177. joe works as an it administrator in an organization and has recently set up a cloud comput...; Q178. In order to tailor your tests during a web-application scan, you decide to determine which...

Join the discussion

Question 1/178

Add Comments

Download PDF File