Solved

Because Some Clients Have Reported Unauthorized Activity on Their Accounts

Question 106

Multiple Choice

Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below: POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/ "> <request+xmlns:a=" http://schemas.somesite.org "+xmlns:i=" http://www.w3.org/2001/XMLSchema-instance "></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/> <a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>somebody@companyname.com</a:Username></request></Login></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89 POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s=" http://schemas.xmlsoap.org/soap/envelope/ "><s:Body><GetIPLocation+xmlns=" http://tempuri.org/"> <a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22 "><s:Body><IsLoggedIn+xmlns=" http://tempuri.org/ "> <request+xmlns:a=" http://schemas.datacontract.org/2004/07/somesite.web +xmlns:i=" "><a:Authentication> <a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0</a:ImpersonateUserId><a:LocationId>161222</a:LocationId> <a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authentication></request></IsLoggedIn></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89 Which of the following MOST likely explains how the clients' accounts were compromised?


A) The clients' authentication tokens were impersonated and replayed.
B) The clients' usernames and passwords were transmitted in cleartext.
C) An XSS scripting attack was carried out on the server.
D) A SQL injection attack was carried out on the server.

Correct Answer:

verifed

Verified

Unlock this answer now
Get Access to more Verified Answers free of charge

Related Questions

Q101: A security analyst is trying to determine

Q102: A cybersecurity analyst is investigating a potential

Q103: A security analyst discovers accounts in sensitive

Q104: Bootloader malware was recently discovered on several

Q105: During a cyber incident, which of the

Q107: A security analyst recently used Arachni to

Q108: A security analyst suspects a malware infection

Q109: It is important to parameterize queries to

Q110: A security analyst discovers a vulnerability on

Q111: An organization wants to move non-essential services