CompTIA
CAS-003 · Question #647
CAS-003 Question #647: Real Exam Question with Answer & Explanation
The correct answer is A: TOC/TOU.
Question
A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time. The programming logic is as follows:
- A player asks to move points from one capability to another
- The source capability must have enough points to allow the move
- The destination capability must not exceed 10 after the move
- The move from source capability to destination capability is then completed
The time stamps of the game logs show each step of the transfer process takes about 900ms. However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities. Which of the following is MOST likely being exploited to allow these capability transfers?
Options
- A. TOC/TOU
- B. CSRF
- C. Memory leak
- D. XSS
- E. SQL injection
- F. Integer overflow
Explanation
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
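The check-then-use gap in the question's transfer logic, next to a version that closes it, as an added example that is not part of the original page or the game's code. `Player`, `transfer_racy`, `transfer_atomic` and the starting point values are hypothetical, and it assumes the server writes the values it computed at check time.

```python
import threading
import time

CAP_MAX = 10  # per-capability ceiling stated in the question

class Player:
    def __init__(self, caps):
        self.caps = dict(caps)
        self.lock = threading.Lock()

def transfer_racy(player, src, dst, n, gap):
    """Check, wait, then write: values read at check time are trusted at use time."""
    new_src, new_dst = player.caps[src] - n, player.caps[dst] + n
    if new_src < 0 or new_dst > CAP_MAX:  # time of check
        return False
    gap()  # stands in for the delay between the logged steps
    player.caps[src], player.caps[dst] = new_src, new_dst  # time of use
    return True

def transfer_atomic(player, src, dst, n, gap):
    """Same check and write, but both happen under one per-player lock."""
    with player.lock:
        return transfer_racy(player, src, dst, n, gap)

def run_concurrent(transfer, gap):
    """Send two transfers from the same source at once; return (results, caps)."""
    # Constructed sample state: all 10 points start in capability A.
    player = Player({"A": 10, "B": 0, "C": 0, "D": 0, "E": 0})
    results = {}

    def worker(dst):
        results[dst] = transfer(player, "A", dst, 10, gap)

    threads = [threading.Thread(target=worker, args=(d,)) for d in ("B", "C")]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results, player.caps

def demo_racy():
    # The barrier makes both requests finish their check before either writes.
    return run_concurrent(transfer_racy, threading.Barrier(2, timeout=5).wait)

def demo_atomic():
    return run_concurrent(transfer_atomic, lambda: time.sleep(0.05))
```

In the racy run both requests pass the check against the same 10 points, so two capabilities end at 10; with the lock, the second request is checked against the updated state and rejected.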