Certified Incident Handler (ECIH) — Question 10

Miguel, a professional hacker, targeted an organization to gain illegitimate access to its critical information. He identified a flaw in the end-point communication that can disclose the target application's data.
Which of the following secure application design principles was not met by the application in the above scenario?

Answer options

• A. Secure the weakest link
• B. Do not trust user input
• C. Exception handling
• D. Fault tolerance

Correct answer: A

Explanation

The principle 'Secure the weakest link' emphasizes the need to protect all components of a system, especially the most vulnerable ones. In this case, the flaw in end-point communication indicates that this principle was not adhered to, allowing unauthorized access. The other options, while important principles, do not directly relate to the specific vulnerability described in the scenario.