New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CFA-001 Exam - Topic 4 Question 85 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 85
Topic #: 4
[All CFA-001 Questions]

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server's root directory?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Edda at May 29, 2024, 09:49 AM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tamra
3 months ago
I disagree, I think parameter tampering could also lead to similar issues.
upvoted 0 times
...
Francine
3 months ago
C is correct, but it's wild how many sites are vulnerable to this!
upvoted 0 times
...
Shenika
3 months ago
Wait, are we sure it's not D? Security misconfigurations are super common.
upvoted 0 times
...
Flo
4 months ago
I thought it was A at first, but C makes more sense.
upvoted 0 times
...
Ira
4 months ago
Definitely C, directory traversal is the one.
upvoted 0 times
...
Karan
4 months ago
I feel like unvalidated input could lead to various attacks, but I can't recall it being directly linked to accessing restricted files.
upvoted 0 times
...
Kaitlyn
4 months ago
Security misconfiguration sounds familiar, but I don't think it specifically allows access to restricted directories like the question describes.
upvoted 0 times
...
Stefanie
4 months ago
I remember practicing a similar question where we discussed how parameter tampering can lead to unauthorized access.
upvoted 0 times
...
Jesusa
5 months ago
I think this might be related to directory traversal attacks, but I'm not entirely sure.
upvoted 0 times
...
Sheldon
5 months ago
Okay, I've got this. The key is understanding that directory traversal lets you access files and directories outside the web server's root. That's the attack that matches the description in the question.
upvoted 0 times
...
Anika
5 months ago
I'm a bit confused by the wording of this question. I'll need to re-read it carefully and think through the different attack types to make sure I select the right one.
upvoted 0 times
...
Selma
5 months ago
Ah, I've seen this type of question before. I'm pretty confident the answer is C - directory traversal. That allows you to access restricted files and directories.
upvoted 0 times
...
Loren
5 months ago
Hmm, directory traversal seems like the most likely answer here. I'll need to review my notes on that attack to make sure I understand it fully.
upvoted 0 times
...
Viva
5 months ago
This looks like a tricky one. I'll need to think through the different types of attacks and how they work to figure out the right answer.
upvoted 0 times
...
Stefan
5 months ago
I feel like "Unstable" might be a tricky one, but I think it refers to tests that had issues rather than a complete failure.
upvoted 0 times
...
Irma
5 months ago
From what I recall, it's definitely risk and return. It makes sense since investors want to optimize their investment outcomes.
upvoted 0 times
...
Mignon
5 months ago
This seems like a straightforward question about email security features in Microsoft 365. I think the key is to identify the feature that can both remove the malicious emails and disable the PDF threat.
upvoted 0 times
...
Ollie
5 months ago
Okay, let's see. False imprisonment, malicious prosecution, invasion of privacy, and trespass on personal property all seem relevant. I'll have to weigh the options.
upvoted 0 times
...
Elke
10 months ago
Ah, the good old directory traversal. The classic way to sneak past the web server's defenses and explore the hidden corners of the system. Time to see what secrets are lurking in those restricted directories.
upvoted 0 times
Shaquana
10 months ago
I've used directory traversal before, it's a powerful attack method.
upvoted 0 times
...
Shaquana
10 months ago
C) Directory traversal
upvoted 0 times
...
...
Cecil
11 months ago
Directory traversal, for sure. This is the ultimate way to get the goods on the application. I'll be browsing through their config files and source code faster than a cheetah chasing a gazelle.
upvoted 0 times
...
Andra
11 months ago
C'mon, this is a no-brainer. Directory traversal is the way to go if you want to access those juicy restricted directories. It's like having a backstage pass to the web server's dirty secrets.
upvoted 0 times
Roxane
9 months ago
D) Security misconfiguration
upvoted 0 times
...
Barrie
9 months ago
C) Directory traversal
upvoted 0 times
...
Lavelle
10 months ago
B) Parameter/form tampering
upvoted 0 times
...
Edelmira
10 months ago
A) Unvalidated input
upvoted 0 times
...
...
Youlanda
11 months ago
Aha, directory traversal! This attack lets me snoop around where I'm not supposed to go. Time to take a stroll through the file system, shall we?
upvoted 0 times
...
Sheridan
11 months ago
I'm not sure, but I think it could also be D) Security misconfiguration.
upvoted 0 times
...
Tennie
11 months ago
I agree with Quentin. Directory traversal allows access to restricted directories.
upvoted 0 times
...
Quentin
11 months ago
I think the answer is C) Directory traversal.
upvoted 0 times
...

Save Cancel