After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the
following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name
which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD- YYYY, (e.g. smartphone-12-25-2013.tmp)
containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?.
A.
Input validation
B.
SQL injection
C.
TOCTOU
D.
Session hijacking
Wrote the CAS-002 exam and passed with a good score!
77 questions in total, started with 10 SIMs: configuring the firewall ACL, placing equipments in the network to stop attacks, and so on.
I mainly learned the CASP Cert Guide books and practised PassLeader CAS-002 dumps with 900q (new version, helped a lot for my passing).
Dumps on this site are not valid, only 2 SIMs and few MCQs are from them, other 8 SIMs and many MCQs are missing!!!
Recommend to practise PassLeader 900q CAS-002 dumps, especially the last 240 questions. Here you can get PassLeader CAS-002 dumps:
http://www.comptiadump.com/category/comptia-advanced-security-practitioner-casp-certification/cas-002-dumps
GOOD LUCK!!
Besides, download that PassLeader CAS-002 dumps in PDF from:
https://drive.google.com/open?id=0B-ob6L_QjGLpenQtV3dLMDkyM0U
Regards!!!