Which of the following should be the engineer’s GREATEST concern?

A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-
01-0101&Run=
Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1
HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?

A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-
01-0101&Run=
Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1
HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?

A.
The HTTPS is not being enforced so the system is vulnerable.

B.
The numerical encoding on the session ID is limited to hexadecimal characters, making it
susceptible to a brute force attack.

C.
Sensitive data is transmitted in the URL.

D.
The dates entered are outside a normal range, which may leave the system vulnerable to a
denial of service attack.



Leave a Reply 0

Your email address will not be published. Required fields are marked *