Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam CISSP topic 1 question 88 discussion

Actual exam question from ISC's CISSP
Question #: 88
Topic #: 1
[All CISSP Questions]

A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?

  • A. Session hijacking
  • B. Security misconfiguration
  • C. Broken access control
  • D. Sensitive data exposure
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
dm808
1 day ago
Why not A? The question is asking which application THREAT is being mitigated.. Session hijacking is the only threat listed.. Security misconfiguration is a vulnerability Broken access control is a vulnerability Sensitive data exposure is a risk..
upvoted 1 times
...
YesPlease
3 months, 2 weeks ago
Selected Answer: B
Answer B) Security Misconfigurations https://www.balbix.com/insights/security-misconfiguration-impact-examples-and-prevention/
upvoted 3 times
...
Soleandheel
3 months, 3 weeks ago
C. Broken Access Controls is the correct answer. Broken access controls pertain to issues related to improper authorization and access permissions, which are often a key aspect of mitigating threats by disabling unnecessary services. However, B. Security misconfiguration in itself will not be an appropriate answer for the question. I see a lot of people selecting answer B. because they are looking at Chatgpt. Please don't blindly accept chatgpt answers, many of them are wrong and this is one of them.
upvoted 1 times
...
Bach1968
8 months, 3 weeks ago
Selected Answer: B
The web application threat being mitigated by disabling unnecessary services is: B. Security misconfiguration. Disabling unnecessary services helps reduce the attack surface of a web application by eliminating potential entry points for attackers. It helps ensure that only essential services are running, reducing the chances of security vulnerabilities arising from misconfigured or unpatched services. By disabling unnecessary services, the web developer minimizes the risk of security misconfigurations that could be exploited by attackers.
upvoted 2 times
...
Moose01
10 months, 2 weeks ago
B. 8 Examples of Security Misconfigurations 1- Sample Applications Vulnerability. ... 2- Directory Listing Vulnerability. ... 3- Error Message Vulnerability. ... 4- Default Privileges Vulnerability. ... 5- Unnecessary Features Vulnerability. ... 6- Improper Data Validation Vulnerability. ... 7- Unpublished URLs Vulnerability. ... 8- Out-of-date Software Vulnerability.
upvoted 2 times
...
DapengZhang
1 year ago
Selected Answer: C
the purpose of "disabling unnecessary services" is to avoid vertical privilege escalation.
upvoted 1 times
jackdryan
10 months, 3 weeks ago
B is correct
upvoted 1 times
...
...
sphenixfire
1 year, 5 months ago
Selected Answer: B
not completly clear for me but after googleing cissp security missconfiguration all the articles refere to functions that should be disabled if not needed (no default config on). so B
upvoted 2 times
...
franbarpro
1 year, 5 months ago
This is application hardening..... so check for that human error of misconfiguring stuff.
upvoted 2 times
...
dev46
1 year, 6 months ago
A & D can be eliminated as session hijacking and data breach still going to happen after hardening/ disabling unnecessary services I chose Broken Authentication, but it's not true. I read some articles. Example of broken authentication (https://avatao.com/blog-broken-access-control/) - it can still happen B seems right - if we don't disable configuration for directory listing, attacker can list the directory (https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration)
upvoted 3 times
...
ygc
1 year, 6 months ago
B is correct, key word is 'disabling'.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...