Exam 312-50 topic 8 question 267 discussion

Actual exam question from ECCouncil's 312-50
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what software design flaw?

  • A. Insufficient security management
  • B. Insufficient database hardening
  • C. Insufficient input validation
  • D. Insufficient exception handling
Suggested Answer: B

Comments

dimaste
Highly Voted 3 years, 8 months ago
Actually, A is correct from my perspective, because using default credentials on the website is a security management problem.
upvoted 5 times
Script_Kitty
Most Recent 8 months, 3 weeks ago
I feel the answer is most likely A. Database hardening (option B) is about securing the database from attacks, but the issue here is with the management of credentials, not the database structure or protection mechanisms. In this scenario, we have to assume the credentials were easy to guess, which shows weak security practices and policies to protect against unauthorized access. There could be confusion between the specific use of security tokens and other security practices. For instance, if B mentioned a practice that's commonly misunderstood or conflated with the use of tokens, like encryption or specific types of authentication methods, it might seem like a good choice without understanding the distinct role and definition of security tokens.
upvoted 1 times
White_T_10
1 year, 5 months ago
OK, here is my theory after reading the question so many times. Using default credentials to log in is a database-hardening issue. If the question stated the attacker could gain access using SQL injection techniques, then yes, it would be input validation. So, I'd go with B.
upvoted 1 times
XX20Jim20XX
1 year ago
https://blog.netwrix.com/2022/12/21/database_security_hardening/ Remove default accounts.
upvoted 1 times
salei
1 year, 10 months ago
Selected Answer: A
B, C and D don't really make sense here.
upvoted 1 times
Cww1
3 years ago
Answer is correct.
upvoted 1 times
btc
3 years, 9 months ago
I strongly believe the answer should be C, not B.
upvoted 1 times
csevcs
4 years, 2 months ago
The answer must be C, I think.
upvoted 1 times
boboloboli
4 years, 2 months ago
B is the correct answer. They are able to log in using the defaults. The first thing you do to harden a system is change the default passwords.
upvoted 1 times
bleble00001
4 years, 1 month ago
I am not sure if "Database Hardening" has anything to do with this. https://security.berkeley.edu/education-awareness/best-practices-how-tos/system-application-security/database-hardening-best Besides, by using a weak/default password, the hacker is only accessing the website. Nothing in the question mentions accessing the database. Having access to a website does not necessarily mean you have access to a database. If you can manipulate/access data via the application once you gain access to the system, that does not necessarily mean the database is not hardened.
upvoted 2 times
Community vote distribution

  • A (35%)
  • C (25%)
  • B (20%)