SY0-701 Threats, Vulnerabilities, and Mitigations • Set 4
SY0-701 Threats, Vulnerabilities, and Mitigations Practice Test 4 — 15 questions with explanations. Free, no signup.
Based on the exhibit, what is the BEST fix for the vulnerability being exploited?
A user with a standard account can retrieve documents by changing the `docId` value in the request. The application returns another employee's file without any authorization error.
Web server access log excerpt:
10:41:12 GET /portal/document?docId=4411 200 user=jcarter
10:41:14 GET /portal/document?docId=4412 200 user=jcarter
10:41:15 GET /portal/document?docId=4413 200 user=jcarter

Application debug log:
[INFO] Document lookup completed successfully.
[WARN] No authorization check performed after object lookup.
[INFO] Returned file owner: finance2