EC-Council
412-79V8 · Question #146
Question
The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them. What is the best way to protect web applications from parameter tampering attacks?
Options
- A. Validating some parameters of the web application
- B. Minimizing the allowable length of parameters
- C. Using an easily guessable hashing algorithm
- D. Applying effective input field filtering parameters
