Certified Cloud Security Professional (CCSP) — Question 52
Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it?
Answer options
- A. Cross-site request forgery
- B. Missing function-level access control
- C. Injection
- D. Cross-site scripting
Correct answer: B
Explanation
The correct answer is B: missing function-level access control occurs when an application does not check whether a user has the right to access specific functions after logging in. Options A, C, and D refer to different types of vulnerabilities that do not specifically address authorization validation for application functions.