Certified Information Systems Security Professional (CISSP) — Question 94

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?

Answer options

• A. Broken authentication management
• B. Security misconfiguration
• C. Cross-site request forgery (CSRF)
• D. Structured Query Language injection (SQLi)

Correct answer: B

Explanation

The correct answer is B, as security misconfiguration can lead to exposed directories that are accessible to unauthorized users. Options A, C, and D pertain to different security vulnerabilities that do not directly relate to access issues caused by unprotected server directories.