Solved

Because Some Clients Have Reported Unauthorized Activity on Their Accounts

Question 21

Multiple Choice

Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below: POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/ "> <request+xmlns:a=" http://schemas.somesite.org "+xmlns:i=" http://www.w3.org/2001/XMLSchema-instance "></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/> <a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>somebody@companyname.com</a:Username></request></Login></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89 POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s=" http://schemas.xmlsoap.org/soap/envelope/ "><s:Body><GetIPLocation+xmlns=" http://tempuri.org/"> <a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22 "><s:Body><IsLoggedIn+xmlns=" http://tempuri.org/ "> <request+xmlns:a=" http://schemas.datacontract.org/2004/07/somesite.web +xmlns:i=" "><a:Authentication> <a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0</a:ImpersonateUserId><a:LocationId>161222</a:LocationId> <a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authentication></request></IsLoggedIn></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89 Which of the following MOST likely explains how the clients' accounts were compromised?


A) The clients' authentication tokens were impersonated and replayed.
B) The clients' usernames and passwords were transmitted in cleartext.
C) An XSS scripting attack was carried out on the server.
D) A SQL injection attack was carried out on the server.

Correct Answer:

verifed

Verified

Unlock this answer now
Get Access to more Verified Answers free of charge

Related Questions

Q16: A compliance officer of a large organization

Q17: A security analyst reviews the following aggregated

Q18: An information security analyst observes anomalous behavior

Q19: A storage area network (SAN) was inadvertently

Q20: During an investigation, a security analyst determines

Q22: During a cyber incident, which of the

Q23: The security team at a large corporation

Q24: Which of the following sets of attributes

Q25: A development team is testing a new

Q26: A security analyst is building a malware

Unlock this Answer For Free Now!

View this answer and more for free by performing one of the following actions

qr-code

Scan the QR code to install the App and get 2 free unlocks

upload documents

Unlock quizzes for free by uploading documents