Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears: Error Message in Database Connection Connection to host USA-WebApp-Database failed Database "Prod-DB01" not found Table "CustomerInfo" not found Please retry your request later Which of the following best describes the analyst's findings and a potential mitigation technique?
Correct Answer: C
The error message reveals sensitive details (hostnames, database names, table names), constituting information disclosure. This aids attackers in reconnaissance. Mitigation involves modifying the application to display generic error messages (e.g., "An error occurred") instead of specifics. Option A: Unsecure references suggest coding flaws, but this is a configuration/output issue, not input sanitization. Option B: Unsecure protocols and HttpOnly cookies relate to session security, not error handling. Option C: Correct-information disclosure is the issue; generic errors mitigate it. Option D: No evidence of SQL injection (e.g., manipulated input); upgrading the database doesn't address disclosure.