Certified Cloud Security Professional (CCSP) — Question 269

Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?

Answer options

• A. Unvalidated redirects and forwards
• B. Insecure direct object references
• C. Security miscomfiguration
• D. Sensitive data exposure

Correct answer: A

Explanation

The correct answer is A, as unvalidated redirects and forwards occur when user input is not checked, allowing attackers to redirect users to harmful sites. Options B, C, and D refer to different types of security vulnerabilities that do not specifically relate to input validation failures leading to malicious redirects.