ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 66 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 66
Topic #: 1
[All 312-50v13 Questions]

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections.
Which of the following attack techniques is used by Stella to compromise the web services?

  • A. Web services parsing attacks
  • B. WS-Address spoofing
  • C. SOAPAction spoofing
  • D. XML injection
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by NikoTomas at March 11, 2025, 9:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NikoTomas
1 month, 1 week ago
Selected Answer: B
Correct: B (WS-Addressing Spoofing) WS-Addressing spoofing is a further Web Service specific attack [11]. The attacker sends a SOAP request to the server containing a WS-Addressing header, which provokes the server to send the SOAP response to a different endpoint. The specification has three different methods for doing this: • ReplyTo: The server sends the response to any different endpoint. • FaultTo: The server sends any SOAP Fault to a different endpoint. For attacking a Web Service, a SOAP Body without any children can be used, as this will always return a SOAP Fault. • To: The server uses a different endpoint for everything, including valid responses and SOAP Faults. Using WS-Addressing for asynchronous message exchange raises different attack possibilities, e.g. flooding another Web Service, or even Distributed Denial of Service is possible. A countermeasure against WS-Addressing spoofing is the verification of the endpoint reference (Whitelist). https://www.nds.rub.de/media/nds/veroeffentlichungen/2012/07/11/camera-ready.pdf
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago