Certified Ethical Hacker (CEH) V13 Certification Exam

Question 314 of 358


A penetration tester is assessing a financial web application that uses form-based authentication but has no account lockout after repeated failures. The app also reveals in error messages whether the username or password is wrong. What is the most effective attack to attempt unauthorized access?

Options

  • A Run a brute-force attack using the lack of lockout and verbose error messages
  • B Exploit a possible SQL injection to manipulate the database
  • C Launch a Cross-Site Scripting (XSS) attack to steal cookies
  • D Perform a Man-in-the-Middle attack to modify HTTP headers for clickjacking
