A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries: Which of the following is the most likely cause of the security control bypass?

Questions › Category: SY0-601 › A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

0 Vote Up Vote Down

Admin Staff asked 12 months ago

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

A. IP address allow list

B. User-agent spoofing

C. WAF bypass

D. Referrer manipulation





 

Correct Answer: B

This question is in SY0-601 exam
For getting CompTIA Security+ certificate

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

A user is trying to upload a tax document which the corporate finance department requested but a security program is prohibiting the upload. A security analyst determines the file contains PII. Which of the following steps can the analyst take to correct this issue?

Cisco IOS Popular Commands

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

A user is trying to upload a tax document which the corporate finance department requested but a security program is prohibiting the upload. A security analyst determines the file contains PII. Which of the following steps can the analyst take to correct this issue?

Cisco IOS Popular Commands

Related Questions

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password