ISC2 CAP Exam - Topic 1 Question 88 Discussion

Actual exam question for ISC2's CAP exam
Question #: 88
Topic #: 1

Based on the screenshot above, which of the following is the most true?

Screenshot

![Login Form]

coder@viewer

User does not exist

[Password field]

Forget password?

[Login button]

Not yet member? Sign now

Suggested Answer: C

Contribute your Thoughts:

Adelle
3 months ago
I think none of these options really fit the screenshot.
upvoted 0 times
...
Fannie
3 months ago
Strong password policy isn't mentioned, so that's a concern too.
upvoted 0 times
...
Shaun
3 months ago
Surprised there's no captcha or lockout feature!
upvoted 0 times
...
Gerald
4 months ago
I disagree, it could just be a simple login error.
upvoted 0 times
...
Jenise
4 months ago
Definitely looks like a username enumeration issue.
upvoted 0 times
...
Kallie
4 months ago
I practiced a similar question where username enumeration was a key point, so I'm leaning towards A, but I could be mistaken.
upvoted 0 times
...
Quentin
4 months ago
I feel like none of the options really address password strength directly, so maybe D is the right choice?
upvoted 0 times
...
Valentine
4 months ago
I'm not entirely sure, but I remember something about brute-force attacks being related to repeated login attempts. Is that what option B is about?
upvoted 0 times
...
Catalina
5 months ago
I think option A might be correct since the message "User does not exist" could indicate that the app reveals whether a username is valid.
upvoted 0 times
...
Kenneth
5 months ago
I'm a bit confused by the password policy part of the question. I'll need to review the details of the login form to see if I can spot any issues with the password requirements.
upvoted 0 times
...
Kristofer
5 months ago
Okay, let's see. The application also has a "Forget password?" link, which could potentially be used for brute-force attacks. I'll need to consider that as well.
upvoted 0 times
...
Marguerita
5 months ago
Hmm, the "User does not exist" message seems a bit concerning. That could indicate a vulnerability to username enumeration. I'll need to think carefully about that one.
upvoted 0 times
...
Malcolm
5 months ago
This looks like a pretty straightforward security question. I'll start by analyzing the login form and the error message to see if I can identify any vulnerabilities.
upvoted 0 times
...
Delpha
5 months ago
Hmm, I'm a bit unsure about this one. I need to make sure I understand the differences between rapid elasticity, metered utilization, shared resources, and high availability. Let me think this through carefully.
upvoted 0 times
...
Jettie
5 months ago
This one seems pretty straightforward. I think the key is to focus on the factors that affect the amount of safety stock a company would hold.
upvoted 0 times
...
Beatriz
5 months ago
I'm a bit confused here. Conflicts with the Decoupled Contract pattern? I'm not sure about that one. I'll have to think it through.
upvoted 0 times
...
Billy
10 months ago
Wow, this app is so secure, it doesn't even have a password field. Guess they're going for the 'no password required' approach. Option D is the way to go, for sure.
upvoted 0 times
...
Herminia
10 months ago
This login page is a security disaster. I bet the password is just 'password123' for every user. Option C is the clear choice here.
upvoted 0 times
Rene
9 months ago
User3: I think we should report this to the developers to improve the security of the application.
upvoted 0 times
...
Nieves
9 months ago
User2: Definitely, they should require more complex passwords to prevent easy guessing.
upvoted 0 times
...
Bulah
9 months ago
User1: I agree, the lack of a strong password policy is a huge security risk.
upvoted 0 times
...
...
Thomasena
10 months ago
Haha, looks like the devs forgot to include 'Enter password' in the form. How do they expect users to log in without a password field? Option D all the way!
upvoted 0 times
Ashley
9 months ago
They really dropped the ball on this one. Option D for sure.
upvoted 0 times
...
Timothy
9 months ago
I agree, it's a big security flaw. Option D it is.
upvoted 0 times
...
Crista
10 months ago
Yeah, that's a major oversight. Option D is definitely the most true.
upvoted 0 times
...
...
Cristina
10 months ago
I think option B is the way to go here. The lack of any password policy or lockout mechanism makes this app ripe for brute-force attacks.
upvoted 0 times
Sanda
8 months ago
I think we should consider both options A and B. Username enumeration combined with the lack of password policy could make this application very vulnerable.
upvoted 0 times
...
Coral
9 months ago
I see your point, but I still believe option B is the most concerning. Without a strong password policy, brute-force attacks could easily compromise the system.
upvoted 0 times
...
Myrtie
9 months ago
I think option A could also be a possibility. The fact that it explicitly states 'User does not exist' could be used to enumerate valid usernames.
upvoted 0 times
...
Ona
10 months ago
I agree, option B seems like the most accurate choice. Brute-force attacks could easily be carried out on this application.
upvoted 0 times
...
...
Angelyn
10 months ago
The application is definitely vulnerable to username enumeration. That message 'User does not exist' is a dead giveaway.
upvoted 0 times
Shonda
9 months ago
User1
upvoted 0 times
...
Rasheeda
10 months ago
User2
upvoted 0 times
...
...
Jamal
11 months ago
I believe the application should enforce a strong password policy to enhance security.
upvoted 0 times
...
Sylvia
11 months ago
I agree with Troy, the lack of user existence feedback makes it easier for attackers to guess usernames.
upvoted 0 times
...
Troy
11 months ago
I think the application is vulnerable to brute-force attacks.
upvoted 0 times
...