Certified Data Privacy Solutions Engineer (CDPSE) — Question 222

Which type of flaw in an application programming interface (API) allows an attacker to manipulate legitimate standard functionality?

Answer options

Correct answer: A

Explanation

The correct answer, A, refers to business logic misconfiguration, which can lead to unauthorized manipulation of application processes. The other options describe different types of vulnerabilities: excessive data exposure pertains to leaking sensitive information, lack of resources and rate limiting relates to performance issues, and broken object level authorization involves improper access controls.