Exam 312-96 topic 1 question 18 discussion

Actual exam question from ECCouncil's 312-96

Question #: 18
Topic #: 1

Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per the standard security practices, this can pose a serious security risk as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?

A. < int-param > < param-name>directory-listings < param-value>true < /init-param >
B. < int param > < param-name>directory-listings < param-value>false < /init-param >
C. < int-param > < param-name>listings < param-value>true < /init-param >
D. < int-param > < param-name>listings < param-value>false < /init-param >

Show Suggested Answer

Suggested Answer: B 🗳️

by great_chainick at Aug. 13, 2023, 11:52 a.m.

Comments

Submit Cancel

DarrenSu

9 months ago

Selected Answer: D

just goolged

upvoted 2 times

...

yawmumma

10 months, 1 week ago

The security risk described is that users can view the website structure and file names, which is commonly known as "Directory Listing." To mitigate this risk, directory listings should be disabled. The correct option to disable directory listings would be: D. <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> This setting will ensure that the server does not display a list of files in a directory when there is no default index file (like index.html or index.jsp). Note: The XML tags in the options provided seem to have typos like int-param and int param, which should ideally be init-param. So, Alice should use option D to mitigate the security risk of exposing directory listings to users.

upvoted 2 times

...

great_chainick

11 months ago

I think the correct answer is D, because https://tomcat.apache.org/tomcat-9.0-doc/default-servlet.html

upvoted 2 times

...