Examice

Exam PT0-002 All QuestionsBrowse all questions from this exam

Go to Exam

Question 260

When accessing the URL http://192.168.0.1/validate/user.php, a penetration tester obtained the following output:

Which of the following is the MOST probable cause for this output?

Lack of code signing

Incorrect command syntax

Insufficient error handling

Insecure data transmission

Correct Answer: C

The output indicates that certain indices ('eid', 'uid', 'pw', and 'acl') are not defined in the script. This typically occurs when the code tries to access elements of an array (such as the $_POST or $_GET arrays) that have not been set, which usually results from missing parameters in the request. This reflects insufficient error handling, as robust error handling in PHP would check whether these indices exist before accessing them to avoid such notices. This issue is unrelated to code signing, incorrect syntax, or insecure data transmission.

Discussion

Etc_Shadow28000Option: C

C. Insufficient error handling Explanation: The error messages indicate that certain indices (eid, uid, pw, acl) are not defined in the $_POST or $_GET arrays, which are typically used in PHP to handle form data submitted via HTTP POST or GET methods. This suggests that the script is attempting to access these indices without first checking if they exist, which is a sign of insufficient error handling.

Etc_Shadow28000

Other Options: A. Lack of code signing: This relates to verifying the authenticity and integrity of the code and is unrelated to the runtime errors shown in the image. B. Incorrect command syntax: This would typically result in syntax errors rather than notices about undefined indices. D. Insecure data transmission: This relates to how data is transmitted over the network (e.g., HTTP vs. HTTPS) and is unrelated to the specific PHP notices shown.

LiveLaughToasterBathOption: C

Inadequate error handling refers to the failure of a system or application to properly manage and respond to errors or exceptions that occur during its operation. This can lead to unexpected behavior, security vulnerabilities, and potential data loss.

[Removed]Option: C

Notice: Undefined index: eid in /apache/www/validate/user.php line 12 Notice: Undefined index: uid in /apache/www/validate/user.php line 13 Notice: Undefined index: pw in /apache/www/validate/user.php line 14 Notice: Undefined index: acl in /apache/www/validate/user.php line 15 Line 12: The script is trying to access an array index 'eid,' but it is not defined. Line 13: Similar to the first notice, but for the 'uid' index. Line 14: Similar to the first two notices, but for the 'pw' index. Line 15: Similar to the previous notices, but for the 'acl' index. Issue is due to lack of expected parameters. This question sucks. Option C is my bet