312-50V13 · Question #628
312-50V13 Question #628: Real Exam Question with Answer & Explanation
Sign in or unlock 312-50V13 to reveal the answer and full explanation for question #628. The question stem and answer options stay visible for context.
Question
During a penetration test, an ethical hacker is exploring the security of a complex web application. The application heavily relies on JavaScript for client-side input sanitization, with an apparent assumption that this alone is adequate to prevent injection attacks. During the investigation, the ethical hacker also notices that the application utilizes cookies to manage user sessions but does not enable the HttpOnly flag. This lack of flag potentially exposes the cookies to client-side scripts. Given these identified vulnerabilities, what would be the most effective strategy for the ethical hacker to exploit this application?
Options
- AInstigate a Distributed Denial of Service (DDoS) attack to overload the server, capitalizing on
- BImplement an SQL Injection attack to take advantage of potential unvalidated input and gain
- CEmploy a brute-force attack to decipher user credentials, considering the lack of server-side
- DLaunch a Cross-Site Scripting (XSS) attack, aiming to bypass the client-side sanitization and
Unlock 312-50V13 to see the answer
You've previewed enough free 312-50V13 questions. Unlock 312-50V13 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.