Multiple Choice
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below: POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/ "> <request+xmlns:a=" http://schemas.somesite.org "+xmlns:i=" http://www.w3.org/2001/XMLSchema-instance "></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/> <a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>somebody@companyname.com</a:Username></request></Login></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89 POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s=" http://schemas.xmlsoap.org/soap/envelope/ "><s:Body><GetIPLocation+xmlns=" http://tempuri.org/"> <a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22 "><s:Body><IsLoggedIn+xmlns=" http://tempuri.org/ "> <request+xmlns:a=" http://schemas.datacontract.org/2004/07/somesite.web +xmlns:i=" "><a:Authentication> <a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0</a:ImpersonateUserId><a:LocationId>161222</a:LocationId> <a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authentication></request></IsLoggedIn></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89 Which of the following MOST likely explains how the clients' accounts were compromised?
A) The clients' authentication tokens were impersonated and replayed.
B) The clients' usernames and passwords were transmitted in cleartext.
C) An XSS scripting attack was carried out on the server.
D) A SQL injection attack was carried out on the server.
Correct Answer:

Verified
Correct Answer:
Verified
Q101: A security analyst is trying to determine
Q102: A cybersecurity analyst is investigating a potential
Q103: A security analyst discovers accounts in sensitive
Q104: Bootloader malware was recently discovered on several
Q105: During a cyber incident, which of the
Q107: A security analyst recently used Arachni to
Q108: A security analyst suspects a malware infection
Q109: It is important to parameterize queries to
Q110: A security analyst discovers a vulnerability on
Q111: An organization wants to move non-essential services