nerdexam · CompTIA


SY0-501 Question #229: Real Exam Question with Answer & Explanation

The correct answer is B: Clear text credentials. The packet capture shows a session ID carried in the query string of a GET request to port 80 (plain HTTP), so a session credential crossed the network unencrypted and visible to anyone on the path.

Submitted by jaden.t · Mar 4, 2026

Question

A systems administrator has finished configuring a firewall ACL to allow access to a new web server:

PERMIT TCP from: ANY to: 192.168.1.10:80
PERMIT TCP from: ANY to: 192.168.1.10:443
DENY TCP from: ANY to: ANY

The security administrator confirms from the following packet capture that there is network traffic from the internet to the web server:

TCP 10.23.243.2:2000->192.168.1.10:80 POST /default's
TCP 172.16.4.100:1934->192.168.1.10:80 GET /session.aspx?user_1_sessionid=a12ad8741d8f7e7ac723847aa8231a

The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

Options

  • A. Misconfigured firewall
  • B. Clear text credentials
  • C. Implicit deny
  • D. Default configuration

Explanation

The second captured request is an HTTP (port 80) GET to /session.aspx that carries the user's session ID in the query string. A session ID is a credential: anyone who can observe the traffic between 172.16.4.100 and the web server can replay it and hijack the session without ever knowing the password, and because it sits in the URL it is also recorded in web server, proxy and browser history logs and may leak through the Referer header. The request went to port 80 rather than 443, so it was not protected by TLS and the token crossed the network in cleartext. That is the finding the auditor wants fixed immediately: the firewall is doing its job, but the application should serve only over HTTPS and carry the session token in a cookie flagged Secure and HttpOnly rather than in the URL.
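The check below is an added example, not part of the original question page: it parses capture lines in the same one-line-per-request style the question uses and flags any request to a cleartext port whose query string carries a session- or credential-looking parameter. The list of sensitive parameter names and the two extra capture lines (one over 443, one with a harmless query) are assumptions constructed for illustration; only the first two lines come from the question.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample capture: the two lines from the question plus two
# extra lines added for contrast (an HTTPS request and a harmless query).
CAPTURE = """\
TCP 10.23.243.2:2000->192.168.1.10:80 POST /default's
TCP 172.16.4.100:1934->192.168.1.10:80 GET /session.aspx?user_1_sessionid=a12ad8741d8f7e7ac723847aa8231a
TCP 10.23.243.2:2001->192.168.1.10:443 GET /session.aspx?user_1_sessionid=deadbeefdeadbeefdeadbeefdeadbe
TCP 10.23.243.2:2002->192.168.1.10:80 GET /search.aspx?q=firewall
"""

# One capture line: "TCP src:sport->dst:dport METHOD target"
LINE_RE = re.compile(
    r"^TCP (?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<method>[A-Z]+) (?P<target>\S+)$"
)

# Parameter names that usually carry a credential or session token.
# Assumption: illustrative list, not from the page.
SENSITIVE_PARAM_RE = re.compile(r"(session|sess|token|auth|passw|pwd|api_?key)", re.I)

# Destination ports on which HTTP is expected to be unencrypted.
CLEARTEXT_PORTS = {80, 8080}


def parse_line(line):
    """Parse one capture line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_cleartext_tokens(capture):
    """Return one finding per sensitive query parameter sent to a cleartext port.

    The token value is truncated in the finding so the report itself does not
    become another place the full session ID is written down.
    """
    findings = []
    for line in capture.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in CLEARTEXT_PORTS:
            continue
        parts = urlsplit(rec["target"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SENSITIVE_PARAM_RE.search(name):
                findings.append({
                    "src": rec["src"],
                    "dst": rec["dst"],
                    "dport": rec["dport"],
                    "path": parts.path,
                    "param": name,
                    "value_preview": value[:8] + "...",
                })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_tokens(CAPTURE):
        print(f"cleartext token: {f['src']} -> {f['dst']}:{f['dport']} "
              f"{f['path']} param={f['param']} value={f['value_preview']}")
```

Run against the constructed capture it reports exactly one finding, the GET from 172.16.4.100 to port 80 with user_1_sessionid; the same request over 443 is not flagged because TLS protects it on the wire, although the token is still in the URL and so still ends up in logs, which is why the real fix is moving it into a Secure, HttpOnly cookie.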

Common mistakes.

  • A. The firewall ACL is correctly configured to permit HTTP and HTTPS traffic to the web server and deny all other TCP traffic, so misconfiguration is not the primary concern raised by the packet capture.
  • C. Implicit deny is a design principle, not a finding. The ACL even ends with an explicit catch-all 'DENY TCP from: ANY to: ANY' rule, so deny-by-default is functioning as intended.
  • D. Default configuration refers to leaving devices or services in their factory or out-of-box settings, which is not evidenced by the packet capture showing a session ID in a URL.

Concept tested. Cleartext credential and session token transmission risks

Reference. https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
