A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?
B. Unmodified default settings
In OAuth2 there is the concept of "scope".
The .default scope can be used in any OAuth 2.0 flow and to initiate admin consent. Its use is required in the On-Behalf-Of flow and client credentials flow.
Clients can't combine static (.default) consent and dynamic consent in a single request.
https://learn.microsoft.com/en-us/azure/active-directory/develop/scopes-oidc
Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. An application can request one or more scopes; this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
OAuth does not define any particular values for scopes, since it is highly dependent on the service's internal architecture and needs.
https://oauth.net/2/scope/
What is OAuth2 scope?
OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token.
I asked ChatGPT if an incorrectly configured default OAuth scope could cause this data leakage.
It agreed that it can.
Chatgpt:
Unmodified default settings in OAuth can also be a likely cause of data leakage. OAuth scopes define the level of access an application has to a particular resource. The default scope may be configured to provide access to resources that it shouldn't, resulting in unauthorized access to sensitive data. This can occur if the default scope was not modified to restrict access to only the necessary resources for the application. Therefore, B. Unmodified default settings can also be a likely cause of data leakage in this scenario.
If an incorrectly configured default OAuth scope is the cause of the data leakage, then the answer would be "B. Unmodified default settings", as the default settings in the OAuth implementation were not properly configured.
However, since the original question did not provide enough information about the cause of the data leakage, both answers "A. Privilege creep" and "B. Unmodified default settings" could be possible causes, and the more likely answer would depend on the specific details of the scenario.
While the question does state "updated its internal infrastructure and just recently started to allow OAuth applications", perhaps making it seem like Change Default Settings, I'm convinced it is A) Privilege Creep, given that generally with these CompTIA questions it would be Change Default Settings if a new DEVICE was specified, while in this case it seems more like privilege creep.
From my understanding of Privilege Creep, it is about the gradual accumulation of excessive privileges or access rights by users or accounts over time. It occurs when users are granted more privileges than they require to perform their job functions, and these privileges are not revoked or adjusted as job roles change or organizational needs evolve.
Privilege creep can happen in various systems, such as operating systems, databases, applications, and network environments. It typically occurs due to inadequate access control management and the absence of regular reviews and audits of user privileges.
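The scope mechanism discussed in the comments above, as an added example that is not part of the original thread: a minimal OAuth 2.0-style token issuer and resource server showing how an application registration left at a permissive default scope setting leaks data, and how a least-privilege scope allowlist plus scope enforcement at the API contains it. All client names, scope names and data records are constructed for illustration, and the "every scope by default" registration is an assumption used to model the unmodified default setting the question describes.

```python
# Added example, not code from the original thread or any real OAuth provider.
# Constructed corporate data, each record tagged with the scope needed to read it.
from dataclasses import dataclass, field

RECORDS = {
    "hr.read": ["salary:alice:120000"],
    "finance.read": ["invoice:4711:paid"],
    "calendar.read": ["meeting:standup:09:00"],
}

@dataclass
class ClientRegistration:
    client_id: str
    # Scopes the administrator has approved for this app. Assumption: the
    # platform's unmodified default is "every scope", i.e. the setting that
    # should have been tightened when OAuth apps were first allowed.
    allowed_scopes: set = field(default_factory=lambda: set(RECORDS))

def issue_token(client, requested):
    """Return a token whose scopes are the requested set clipped to what the
    registration allows; a token never carries an unapproved scope."""
    granted = set(requested) & client.allowed_scopes
    return {"client_id": client.client_id, "scope": granted}

def fetch(token, scope):
    """Resource-server check: release data only for a scope the token carries."""
    if scope not in token["scope"]:
        raise PermissionError(f"token lacks {scope}")
    return RECORDS[scope]

def leaked_with_defaults():
    """A calendar app registered with untouched defaults asks for broad scopes
    and receives all of them, so HR and finance data become readable."""
    app = ClientRegistration("calendar-sync")  # default allowed_scopes = everything
    tok = issue_token(app, ["calendar.read", "hr.read", "finance.read"])
    return sorted(tok["scope"])

def contained_with_least_privilege():
    """Same request against a registration whose allowed scopes were reviewed
    and reduced to what the app needs; the HR read is refused at the API."""
    app = ClientRegistration("calendar-sync", allowed_scopes={"calendar.read"})
    tok = issue_token(app, ["calendar.read", "hr.read", "finance.read"])
    try:
        fetch(tok, "hr.read")
        return False  # would mean the scope check failed to contain the request
    except PermissionError:
        return sorted(tok["scope"]) == ["calendar.read"]
```

Reviewing each registration's allowed scopes against what the app actually needs is the control that separates the two outcomes; the consent screen alone does not help if the default already grants everything.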
Community vote distribution: A (35%), C (25%), B (20%), other.