Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating insecure deserialization attacks. Which of the following should Wesley avoid considering?
A. Deserialization of trusted data must cross a trust boundary
B. Understand the security permissions given to serialization and deserialization
C. Allow serialization for security-sensitive classes
D. Validate untrusted input, which is to be serialized to ensure that serialized data contain only trusted classes
p.826 and be careful to "AVOID" in the question.
- Validate untrusted input which is to be serialized to ensure serialized data contains only trusted classes
- Deserialization of trusted data must cross a trust boundary
- Developers must re-architect their applications
- Avoid serialization for security-sensitive classes
- Guard sensitive data during deserialization
- Filter untrusted serial data
- Duplicate Security Manager checks enforced in a class during serialization and deserialization
- Understand the security permissions given to serialization and deserialization