nerdexam
EC-Council

312-50V10 · Question #540

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point know

The correct answer is D. Trap door. A trap door is a hidden entry point intentionally left in software by developers, typically for testing, that becomes a security vulnerability if not removed before production deployment.

System Hacking

Question

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Options

  • ASDLC process
  • BHoney pot
  • CSQL injection
  • DTrap door

How the community answered

(33 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    94% (31)

Why each option

A trap door is a hidden entry point intentionally left in software by developers, typically for testing, that becomes a security vulnerability if not removed before production deployment.

ASDLC process

SDLC (Software Development Life Cycle) is the overall process for planning, developing, testing, and deploying software, not a specific hidden entry point.

BHoney pot

A honeypot is a deliberately exposed decoy system or resource designed to attract and monitor attackers, not a developer-created secret entry point.

CSQL injection

SQL injection is an attack technique that exploits unvalidated input to manipulate database queries, not a hidden entry point left by a programmer.

DTrap doorCorrect

A trap door (also called a backdoor) is a secret mechanism embedded in an application by programmers to bypass normal authentication or access controls during development. If left in a live environment, it provides an unauthorized pathway that attackers can discover and exploit to gain privileged access. This is a recognized secure SDLC risk and is distinct from externally introduced vulnerabilities.

Concept tested: Trap door / backdoor in application security

Source: https://csrc.nist.gov/glossary/term/trapdoor

Topics

#trap door#backdoor#SDLC#software security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice