A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:
Which of the following is the most likely cause of the security control bypass?
A. IP address allow list
B. User-agent spoofing
C. WAF bypass
D. Referrer manipulation
Which of the following is the most likely cause of the security control bypass?
A. IP address allow list
B. User-agent spoofing
C. WAF bypass
D. Referrer manipulation