CAS-002 Exam Dumps | A penetration tester is inspecting traffic on a new mobile banking application and sends the following

<< Prev Question Next Question >>

Question 225/243

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
"account":
[
{ "creditAccount":"Credit Card Rewards account"} { "salesLeadRef":"www.example.com/badcontent/ exploitme.exe"}
],
"customer":
[
{ "name":"Joe Citizen"} { "custRef":"3153151"}
]
}
The banking website responds with:
HTTP/1.1 200 OK
{
"newAccountDetails":
[
{ "cardNumber":"1234123412341234"} { "cardExpiry":"2020-12-31"}
{ "cardCVV":"909"}
],
"marketingCookieTracker":"JSESSIONID=000000001"
"returnCode":"Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).

A. Missing input validation on some fields

B. Vulnerable to SQL injection

C. Vulnerable to XSS

D. Sensitive details communicated in clear-text

E. Vulnerable to malware file uploads

F. JSON/REST is not as secure as XML

Question List (243q): Question 1: A university requires a significant increase in web and data...; Question 2: Company ABC will test connecting networks with Company XYZ a...; Question 3: Customer Need: "We need the system to produce a series of nu...; Question 4: Some mobile devices are jail-broken by connecting via USB ca...; Question 5: In order to reduce costs and improve employee satisfaction, ...; Question 6: A facilities manager has observed varying electric use on th...; Question 7: A Chief Information Security Officer (CISO) of a major consu...; Question 8: A security administrator is performing VDI traffic data coll...; Question 9: A retail bank has had a number of issues in regards to the i...; Question 10: An administrator has a system hardening policy to only allow...; Question 11: A corporation has Research and Development (R&D) and IT ...; Question 12: An administrator is implementing a new network-based storage...; Question 13: A software developer and IT administrator are focused on imp...; Question 14: An intrusion detection system logged an attack attempt from ...; Question 15: Part of the procedure for decommissioning a database server ...; Question 16: A developer is coding the crypto routine of an application t...; Question 17: The security manager of a company has hired an external cons...; Question 18: A corporation has expanded for the first time by integrating...; Question 19: A bank has decided to outsource some existing IT functions a...; Question 20: The security administrator is responsible for the confidenti...; Question 21: An employee is performing a review of the organization's sec...; Question 22: A pentester must attempt to crack passwords on a windows dom...; Question 23: An administrator at a small company replaces servers wheneve...; Question 24: A recently hired security administrator is advising develope...; Question 25: A security administrator wants to verify and improve the sec...; Question 26: Company XYZ plans to donate 1,000 used computers to a local ...; Question 27: A company receives a subpoena for email that is four years o...; Question 28: A security services company is scoping a proposal with a cli...; Question 29: A security code reviewer has been engaged to manually review...; Question 30: A large corporation which is heavily reliant on IT platforms...; Question 31: A trust relationship has been established between two organi...; Question 32: A company has a difficult time communicating between the sec...; Question 33: An administrator is notified that contract workers will be o...; Question 34: The <nameID> element in SAML can be provided in which ...; Question 35: A security researcher is about to evaluate a new secure VoIP...; Question 36: A security manager is developing new policies and procedures...; Question 37: The following has been discovered in an internally developed...; Question 38: A bank is in the process of developing a new mobile applicat...; Question 39: The Chief Information Security Officer (CISO) at a software ...; Question 40: A security analyst, Ann, states that she believes Internet f...; Question 41: A company receives an e-discovery request for the Chief Info...; Question 42: Which of the following is the BEST place to contractually do...; Question 43: An Association is preparing to upgrade their firewalls at fi...; Question 44: Which of the following BEST explains SAML?...; Question 45: A team of security engineers has applied regulatory and corp...; Question 46: Within the company, there is executive management pressure t...; Question 47: The Chief Technology Officer (CTO) has decided that servers ...; Question 48: An architect has been engaged to write the security viewpoin...; Question 49: An organization recently upgraded its wireless infrastructur...; Question 50: A company provides on-demand cloud computing resources for a...; Question 51: A large financial company has a team of security-focused arc...; Question 52: After reviewing a company's NAS configuration and file syste...; Question 53: A business unit of a large enterprise has outsourced the hos...; Question 54: A security administrator is redesigning, and implementing a ...; Question 55: Company A is purchasing Company B. Company A uses a change m...; Question 56: A company that must comply with regulations is searching for...; Question 57: In single sign-on, the secondary domain needs to trust the p...; Question 58: Which of the following technologies prevents an unauthorized...; Question 59: A system administrator has installed a new Internet facing s...; Question 60: Which of the following BEST constitutes the basis for protec...; Question 61: Several business units have requested the ability to use col...; Question 62: The finance department for an online shopping website has di...; Question 63: A security engineer is troubleshooting a possible virus infe...; Question 64: Which of the following is the information owner responsible ...; Question 65: Company A has a remote work force that often includes indepe...; Question 66: An administrator wishes to replace a legacy clinical softwar...; Question 67: A security administrator at a Lab Company is required to imp...; Question 68: A large bank deployed a DLP solution to detect and block cus...; Question 69: A Security Manager is part of a team selecting web conferenc...; Question 70: Every year, the accounts payable employee, Ann, takes a week...; Question 71: A medical device manufacturer has decided to work with anoth...; Question 72: Since the implementation of IPv6 on the company network, the...; Question 73: Customers have recently reported incomplete purchase history...; Question 74: In an effort to minimize costs, the management of a small ca...; Question 75: The risk manager at a small bank wants to use quantitative a...; Question 76: A security solutions architect has argued consistently to im...; Question 77: A bank provides single sign on services between its internal...; Question 78: A security administrator has noticed that an increased numbe...; Question 79: About twice a year a switch fails in a company's network cen...; Question 80: When attending the latest security conference, an informatio...; Question 81: A security administrator needs to deploy a remote access sol...; Question 82: An organization has had component integration related vulner...; Question 83: An organization has several production critical SCADA superv...; Question 84: ABC Corporation has introduced token-based authentication to...; Question 85: A Physical Security Manager is ready to replace all 50 analo...; Question 86: A company with 2000 workstations is considering purchasing a...; Question 87: Company ABC is hiring customer service representatives from ...; Question 88: A database administrator comes across the below records in o...; Question 89: An enterprise must ensure that all devices that connect to i...; Question 90: An organization is preparing to upgrade its firewall and NIP...; Question 91: A vulnerability scanner report shows that a client-server ho...; Question 92: In a situation where data is to be recovered from an attacke...; Question 93: The marketing department at Company A regularly sends out em...; Question 94: A security administrator has been asked to select a cryptogr...; Question 95: A company is preparing to upgrade its NIPS at five locations...; Question 96: A trucking company delivers products all over the country. T...; Question 97: Company policy requires that all unsupported operating syste...; Question 98: A company has been purchased by another agency and the new s...; Question 99: A bank now has a major initiative to virtualize as many serv...; Question 100: A new web application system was purchased from a vendor and...; Question 101: A security tester is testing a website and performs the foll...; Question 102: An administrator attempts to install the package "named.9.3....; Question 103: The Chief Information Security Officer (CISO) regularly rece...; Question 104: A project manager working for a large city government is req...; Question 105: Joe, a penetration tester, is tasked with testing the securi...; Question 106: Which of the following are components defined within an Ente...; Question 107: A company has noticed recently that its corporate informatio...; Question 108: The lead systems architect on a software development project...; Question 109: An IT auditor is reviewing the data classification for a sen...; Question 110: A security administrator is conducting network forensic anal...; Question 111: During a new desktop refresh, all hosts are hardened at the ...; Question 112: Company XYZ is in negotiations to acquire Company ABC for $1...; Question 113: A new IDS device is generating a very large number of irrele...; Question 114: A security engineer has inherited an authentication project ...; Question 115: A small company is developing a new Internet-facing web appl...; Question 116: An organization uses IP address block 203.0.113.0/24 on its ...; Question 117: A financial institution wants to reduce the costs associated...; Question 118: In a SPML exchange, which of the following BEST describes th...; Question 119: The network administrator at an enterprise reported a large ...; Question 120: A WAF without customization will protect the infrastructure ...; Question 121: The internal audit department is investigating a possible br...; Question 122: ABC Corporation uses multiple security zones to protect syst...; Question 123: A firm's Chief Executive Officer (CEO) is concerned that IT ...; Question 124: The sales team is considering the deployment of a new CRM so...; Question 125: Joe, the Chief Executive Officer (CEO), was an Information s...; Question 126: A security consultant is hired by a company to determine if ...; Question 127: Wireless users are reporting issues with the company's video...; Question 128: A university Chief Information Security Officer is analyzing...; Question 129: A court order has ruled that your company must surrender all...; Question 130: After being informed that the company DNS is unresponsive, t...; Question 131: An insurance company has an online quoting system for insura...; Question 132: Which of the following provides the HIGHEST level of securit...; Question 133: The DLP solution has been showing some unidentified encrypte...; Question 134: A security administrator must implement a SCADA style networ...; Question 135: An international shipping company discovered that deliveries...; Question 136: Which of the following would be used in forensic analysis of...; Question 137: The security administrator at a company has received a subpo...; Question 138: The Linux server at Company A hosts a graphical application ...; Question 139: An IT manager is working with a project manager to implement...; Question 140: A security administrator is tasked with implementing two-fac...; Question 141: A security engineer is implementing a new solution designed ...; Question 142: A Linux security administrator is attempting to resolve perf...; Question 143: A large enterprise introduced a next generation firewall app...; Question 144: Company ABC was formed by combining numerous companies which...; Question 145: A security administrator is assessing a new application. The...; Question 146: A startup company offering software on demand has hired a se...; Question 147: During an incident involving the company main database, a te...; Question 148: After the install process, a software application executed a...; Question 149: An organization has had six security incidents over the past...; Question 150: The IT director has charged the company helpdesk with saniti...; Question 151: A port in a fibre channel switch failed, causing a costly do...; Question 152: Using SSL, an administrator wishes to secure public facing s...; Question 153: Joe is a security architect who is tasked with choosing a ne...; Question 154: A morphed worm carrying a 0-day payload has infiltrated the ...; Question 155: The Chief Information Security Officer (CISO) of a small ban...; Question 156: The helpdesk is receiving multiple calls about slow and inte...; Question 157: A new company requirement mandates the implementation of mul...; Question 158: VPN users cannot access the active FTP server through the ro...; Question 159: The latest independent research shows that cyber attacks inv...; Question 160: When generating a new key pair, a security application asks ...; Question 161: It has come to the IT administrator's attention that the "po...; Question 162: A security auditor suspects two employees of having devised ...; Question 163: After three vendors submit their requested documentation, th...; Question 164: A senior network security engineer has been tasked to decrea...; Question 165: The telecommunications manager wants to improve the process ...; Question 166: An information security assessor for an organization finishe...; Question 167: A critical system audit shows that the payroll system is not...; Question 168: The Chief Information Officer (CIO) is focused on improving ...; Question 169: At 10:35 a.m. a malicious user was able to obtain a valid au...; Question 170: During a software development project review, the cryptograp...; Question 171: A company is trying to decide how to manage hosts in a branc...; Question 172: An investigator wants to collect the most volatile data firs...; Question 173: Company ABC is planning to outsource its Customer Relationsh...; Question 174: A security architect has been engaged during the implementat...; Question 175: A large company is preparing to merge with a smaller company...; Question 176: A helpdesk manager at a financial company has received multi...; Question 177: Which of the following does SAML uses to prevent government ...; Question 178: In order for a company to boost profits by implementing cost...; Question 179: A new startup company with very limited funds wants to prote...; Question 180: An IT Manager is concerned about errors made during the depl...; Question 181: Two separate companies are in the process of integrating the...; Question 182: A storage as a service company implements both encryption at...; Question 183: The Universal Research Association has just been acquired by...; Question 184: A company uses a custom Line of Business (LOB) application t...; Question 185: A Security Administrator has some concerns about the confide...; Question 186: A Chief Information Security Officer (CISO) has requested th...; Question 187: A medium-sized company has recently launched an online produ...; Question 188: The risk committee has endorsed the adoption of a security s...; Question 189: A security manager is looking into the following vendor prop...; Question 190: A newly-appointed risk management director for the IT depart...; Question 191: A company has decided to change its current business directi...; Question 192: The organization has an IT driver on cloud computing to impr...; Question 193: A risk manager has decided to use likelihood and consequence...; Question 194: Company XYZ recently acquired a manufacturing plant from Com...; Question 195: Company policy requires that all company laptops meet the fo...; Question 196: An administrator's company has recently had to reduce the nu...; Question 197: A security manager looked at various logs while investigatin...; Question 198: A security manager is collecting RFQ, RFP, and RFI publicati...; Question 199: A security architect is locked into a given cryptographic de...; Question 200: An organization has just released a new mobile application f...; Question 201: An IT manager is concerned about the cost of implementing a ...; Question 202: A process allows a LUN to be available to some hosts and una...; Question 203: New zero-day attacks are announced on a regular basis agains...; Question 204: As a cost saving measure, a company has instructed the secur...; Question 205: Which of the following should be used to identify overflow v...; Question 206: ODBC access to a database on a network-connected host is req...; Question 207: Customers are receiving emails containing a link to maliciou...; Question 208: An accountant at a small business is trying to understand th...; Question 209: A company has adopted a BYOD program. The company would like...; Question 210: Ann is testing the robustness of a marketing website through...; Question 211: The security administrator of a large enterprise is tasked w...; Question 212: An internal development team has migrated away from Waterfal...; Question 213: An industry organization has implemented a system to allow t...; Question 214: A hosting company provides inexpensive guest virtual machine...; Question 215: The security administrator is reviewing the business continu...; Question 216: A company decides to purchase commercially available softwar...; Question 217: Two storage administrators are discussing which SAN configur...; Question 218: An administrator has enabled salting for users' passwords on...; Question 219: ABC Company must achieve compliance for PCI and SOX. Which o...; Question 220: An organization has implemented an Agile development process...; Question 221: Which of the following represents important technical contro...; Question 222: A company runs large computing jobs only during the overnigh...; Question 223: A security administrator is tasked with increasing the avail...; Question 224: Due to a new regulatory requirement, ABC Company must now en...; Question 225: A penetration tester is inspecting traffic on a new mobile b...; Question 226: A system worth $100,000 has an exposure factor of eight perc...; Question 227: An administrator believes that the web servers are being flo...; Question 228: An administrator is tasked with securing several website dom...; Question 229: Company XYZ has employed a consultant to perform a controls ...; Question 230: A web developer is responsible for a simple web application ...; Question 231: The Chief Information Officer (CIO) of a technology company ...; Question 232: A system administrator has just installed a new Linux distri...; Question 233: A system administrator has a responsibility to maintain the ...; Question 234: An IT administrator wants to restrict DNS zone transfers bet...; Question 235: Two universities are making their 802.11n wireless networks ...; Question 236: Ann, a software developer, wants to publish her newly develo...; Question 237: Company XYZ provides hosting services for hundreds of compan...; Question 238: A new IT company has hired a security consultant to implemen...; Question 239: An administrator receives reports that the network is runnin...; Question 240: A user is suspected of engaging in potentially illegal activ...; Question 241: A large organization has gone through several mergers, acqui...; Question 242: A security administrator was recently hired in a start-up co...; Question 243: A company has migrated its data and application hosting to a...

Question 225/243

LEAVE A REPLY

Download PDF File