Certified Cloud Security Professional – CCSP – Question051
Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used? A. Security misconfiguration B. Insecure direct object references C. Sensitive data exposure D. Unvalidated redirects and forwards
Correct Answer: C
Explanation:
Explanation: Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information. Web applications must enforce strong encryption and security controls on the application side, but secure methods of communications with browsers or other clients used to access the information are also required. Security misconfiguration occurs when applications and systems are not properly configured for security, often a result of misapplied or inadequate baselines. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, thus allowing spoofing for malware or phishing attacks.
Please disable your adblocker or whitelist this site!