CISSP PRACTICE QUESTIONS – 20200224

You are reviewing logs on a web server and find the following entry:
[24/Feb/2020:00:05:36 +0800] “GET /load?image=../../../etc/shadow%00 HTTP/1.0” 200
Which of the following is the most possible vulnerability on the webserver?
A. The diagonal of the attack surface higher than risk appetite
B. Misconfiguration without due care
C. Continuous monitoring not automated by the “crond” daemon
D. Path traversal by adversaries


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Misconfiguration without due care.

The question is designed to evaluate the knowledge of basic HTTP operations and the NIST generic risk model (basic risk terminologies).

The log entry shows someone submitted an HTTP request to get the credential file, /etc/shadow, and it succeeded with an HTTP response status code, 200 (OK). It is the evidence for the attack that some threat source has initiated threat events that successfully exploited some vulnerabilities.

By default, the /etc/shadow is readable only by the root user. It is owned by user root and group shadow, and has 640 permissions. If the webserver is authorized to read the shadow file, there must be something wrong. Misconfiguration (of privilege or authorization) without due care can be one of the causes; it is a vulnerability.

The HTTP request “../../../etc/shadow%00” does employ the attack tactics, path traversal, initiated by adversaries (the threat source). A threat event can be described by TTP (Tools, Tactics, and Procedure) and start with a verb; for example, “Submit a URL encoded request to traverse the path and download the shadow file using a homemade utility.” A combination of a threat source and a threat event is a threat scenario. Threat scenario analysis is the study of the relationship between a threat source and its possible threat events.

Options A and C are distractors.

 

 


您正在查看Web服務器上的日誌並找到以下記錄:
[24/Feb/2020:00:05:36 +0800] “GET /load?image=../../../etc/shadow%00 HTTP/1.0” 200
以下哪個是Web服務器上最可能的弱點?

A. The diagonal of the attack surface higher than risk appetite
B. Misconfiguration without due care
C. Continuous monitoring not automated by the “crond” daemon
D. Path traversal by adversaries

1 thought on “CISSP PRACTICE QUESTIONS – 20200224

Leave a Reply