Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company’s API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap
POST /services/v1_0/Public/Members.svc/soap <
POST /services/v1_0/Public/Members.svc/soap
POST /services/v1_0/Public/Members.svc/soap
A. The clients’ authentication tokens were impersonated and replayed.
B. The clients’ usernames and passwords were transmitted in cleartext.
C. An XSS scripting attack was carried out on the server.
D. A SQL injection attack was carried out on the server.
CS0-002: CompTIA CySA+ Exam