Exam CCSP topic 1 question 8 discussion

Actual exam question from ISC's CCSP
Question #: 8
Topic #: 1

Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?

  • A. Injection
  • B. Missing function-level access control
  • C. Cross-site request forgery
  • D. Cross-site scripting
Suggested Answer: B
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.
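
As an added illustration (not part of the original question or its suggested answer), the sketch below contrasts a handler that relies only on an initial check, hiding the admin link from the menu, with one that re-checks authorization every time the function is called. The dispatcher, the session tokens, the route path and all function names are constructed for this example.

```python
from functools import wraps

# Constructed sample sessions (token -> identity and roles); not a real framework.
SESSIONS = {
    "tok-alice": {"user": "alice", "roles": {"user"}},
    "tok-root": {"user": "root", "roles": {"user", "admin"}},
}

class Forbidden(Exception):
    pass

def require_role(role):
    """Re-check authorization on every call to the wrapped function."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(session, *args):
            if role not in session["roles"]:
                raise Forbidden(f"{session['user']} lacks role {role!r}")
            return handler(session, *args)
        return wrapper
    return decorator

def visible_menu(session):
    """The only 'initial check' in the weak design: hide the admin link."""
    items = ["/profile"]
    if "admin" in session["roles"]:
        items.append("/admin/delete_user")
    return items

def delete_user_unchecked(session, target):
    return f"deleted {target}"  # trusts that the link was hidden

@require_role("admin")
def delete_user_checked(session, target):
    return f"deleted {target}"

WEAK_ROUTES = {"/admin/delete_user": delete_user_unchecked}
HARDENED_ROUTES = {"/admin/delete_user": delete_user_checked}

def dispatch(routes, token, path, *args):
    """Authenticate, then call the handler; map Forbidden to HTTP 403."""
    session = SESSIONS.get(token)
    if session is None:
        return 401, "not authenticated"
    if path not in routes:
        return 404, "not found"
    try:
        return 200, routes[path](session, *args)
    except Forbidden as exc:
        return 403, str(exc)
```

With the weak routes, an authenticated non-admin session that requests the hidden path directly gets a 200; with the hardened routes the same request gets a 403.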

Comments

akg001
Highly Voted 3 years, 1 month ago
Correct
upvoted 9 times
...
serget12
Highly Voted 1 year, 2 months ago
CSRF - This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim. Don't like B as the answer, but it is the best option.
upvoted 5 times
...
Pika26
Most Recent 5 months, 3 weeks ago
Selected Answer: B
B is correct.
upvoted 1 times
...