New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 312-39 Exam - Topic 9 Question 28 Discussion

Actual exam question for Eccouncil's 312-39 exam
Question #: 28
Topic #: 9
[All 312-39 Questions]

Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.

What among the following should Wesley avoid from considering?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Elli at May 07, 2022, 12:21 PM

Limited Time Offer

25%

Off

Get Premium 312-39 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Janine
4 months ago
A seems odd... why would you cross a trust boundary with deserialization?
upvoted 0 times
...
Dion
4 months ago
B is super important! Gotta know those permissions.
upvoted 0 times
...
Harris
4 months ago
Wait, are we really saying to avoid validating untrusted input? Sounds risky!
upvoted 0 times
...
Louis
4 months ago
Totally agree with that! Serialization can be risky.
upvoted 0 times
...
Breana
5 months ago
C is a big no! Security-sensitive classes should never be serialized.
upvoted 0 times
...
Bernadine
5 months ago
I’m a bit confused, but I recall something about understanding security permissions being important, so B might not be the right choice to avoid.
upvoted 0 times
...
Louis
5 months ago
I practiced a question similar to this, and I think validating untrusted input is crucial, so D seems like something Wesley should definitely consider.
upvoted 0 times
...
Norah
5 months ago
I'm not entirely sure, but I feel like allowing serialization for security-sensitive classes could lead to vulnerabilities, so C might be the answer.
upvoted 0 times
...
Paul
5 months ago
I think I remember that deserializing trusted data across a trust boundary is risky, so maybe A is the one to avoid?
upvoted 0 times
...
Hui
5 months ago
Alright, time to put my Solaris skills to the test. I think the key here is to get the ISO image copied over, set the publisher, and then make sure the service is configured properly. I'll need to pay close attention to the details, but I feel like I've got a good handle on this.
upvoted 0 times
...
Jerrod
5 months ago
I'm pretty sure the important protocols in the IPsec framework are AH, ESP, and IKE. I'll make sure to select those options.
upvoted 0 times
...
Major
5 months ago
Okay, let me see here. If the goal is to persist the SQL query so others can use it, then a view seems like the logical choice. That way, the query is encapsulated and can be easily accessed by other users.
upvoted 0 times
...
Verda
5 months ago
I remember a practice question about intellectual property but can't recall if it was specifically about business plans. I lean towards "Trade secret."
upvoted 0 times
...

Save Cancel