Certified Cloud Security Professional (CCSP) — Question 242
Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?
Answer options
- A. Sensitive data exposure
- B. Security misconfiguration
- C. Insecure direct object references
- D. Unvalidated redirects and forwards
Correct answer: C
Explanation
The correct answer is C: insecure direct object references occur when internal references are exposed, allowing unauthorized access. Option A refers to the exposure of sensitive data in general, option B pertains to incorrect security settings, and option D deals with improper redirects; none of these specifically addresses internal information being accessible.