Certified Cloud Security Professional (CCSP) — Question 59
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?
Answer options
- A. Injection
- B. Missing function-level access control
- C. Cross-site request forgery
- D. Cross-site scripting
Correct answer: B
Explanation
The correct answer, B, is missing function-level access control, which occurs when an application performs an initial authorization check but does not enforce authorization on each individual function or portion of itself afterward. Options A, C, and D describe other vulnerability types that do not specifically relate to a failure of access control within an application.