CompTIA CAS-002 Question #805: Real Exam Question with Answer & Explanation
Question
A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

    Content-type: application/json
    {
      "account": [
        { "creditAccount":"Credit Card Rewards account"}
        { ],
      "customer": [
        { "name":"Joe Citizen"}
        { "custRef":"3153151"}
      ]
    }

The banking website responds with:

    HTTP/1.1 200 OK
    {
      "newAccountDetails": [
        { "cardNumber":"1234123412341234"}
        { "cardExpiry":"2020-12-31"}
        { "cardCVV":"909"}
      ],
      "marketingCookieTracker":"JSESSIONID=000000001"
      "returnCode":"Account added successfully"
    }

Which of the following are security weaknesses in this example? (Select TWO.)
Options
- A. Missing input validation on some fields
- B. Vulnerable to SQL injection
- C. Sensitive details communicated in clear-text
- D. Vulnerable to XSS
- E. Vulnerable to malware file uploads
- F. JSON/REST is not as secure as XML