Exam 1z0-819 All Questions
Question 8

Your organization makes mlib.jar available to your cloud customers. While working on a new feature for mlib.jar, you see that the customer visible method public void enableService(String hostName, String portNumber) executes this code fragment

and you see this grant is in the security policy file:

What security vulnerability does this expose to your cloud customer's code?

Correct Answer: E

The security vulnerability in question is a denial of service attack against any reachable machine. The given code uses the AccessController.doPrivileged method to create a new Socket with a specified hostname and port number. The grant in the security policy file allows the code to connect to any host using SocketPermission. This means that if a malicious user can control the hostname and port number parameters of the enableService method, they can potentially open numerous connections to any reachable host, thereby overwhelming its resources and causing a denial of service.
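The shape the question describes, as an added illustration rather than the exam's own fragment (which this page does not reproduce): caller-controlled hostName and portNumber are consumed inside a doPrivileged block while the policy grants mlib.jar SocketPermission "*","connect", so the customer's own code never has its permissions checked. The hardened variant and the ALLOWED_HOSTS allowlist, the narrowed policy line in the comment, and the sample inputs in main are all assumptions constructed for this example.

```java
import java.io.IOException;
import java.net.Socket;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Set;

public class ServiceClient {

    // Reconstructed shape of the fragment the question describes (assumption):
    // untrusted parameters reach new Socket(...) inside a privileged block, so
    // the privilege of mlib.jar (connect to "*") is lent to whoever calls us.
    public void enableService(String hostName, String portNumber) throws IOException {
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Socket>) () ->
                    new Socket(hostName, Integer.parseInt(portNumber)));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }

    // Hardened form: elevate only for hosts the library itself is meant to reach.
    // The policy should be narrowed to match, e.g. (assumed hostname):
    //   permission java.net.SocketPermission "service.example.internal:443", "connect";
    private static final Set<String> ALLOWED_HOSTS = Set.of("service.example.internal");

    public Socket enableServiceSafely(String hostName, String portNumber) throws IOException {
        if (!ALLOWED_HOSTS.contains(hostName)) {
            throw new IllegalArgumentException("host not permitted: " + hostName);
        }
        final int port = Integer.parseInt(portNumber); // NumberFormatException for junk input
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        try {
            // Only validated, library-owned endpoints are reachable through the elevation.
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<Socket>) () -> new Socket(hostName, port));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        ServiceClient client = new ServiceClient();
        try {
            client.enableServiceSafely("203.0.113.7", "25"); // constructed input: rejected before any connect
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without a SecurityManager installed, doPrivileged simply runs the action, so the allowlist check is the control that holds in both configurations; the narrowed policy line adds defence in depth when a manager is present.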

Discussion
Stavok (Option: E)

The correct answer is E. denial of service attack against any reachable machine. The code fragment shows that the enableService method uses the AccessController.doPrivileged method to create a new Socket with the specified hostname and portNumber. The security policy file grants the codebase permission to connect to any host using SocketPermission. This means that an attacker could potentially use this method to repeatedly create connections to any reachable machine, overwhelming its resources and causing a denial of service attack.

lmocanasu

The code and the security policy only grant the permission to create socket connections (java.io.SocketPermission "*","connect") from the code in mlib.jar. It doesn't grant any specific permissions to perform denial of service (DoS) attacks or other malicious activities. Therefore, option E is not a valid security vulnerability exposed by this code and policy. The primary security concern in this scenario is privilege escalation (option A), where the code in mlib.jar could potentially execute operations with elevated privileges on the customer's system. Options B and C are not directly relevant to the given code and policy, and option D is not accurate as it suggests that the customer code must also be granted SocketPermission, which is not necessary for the vulnerability described in option A.

Mukes877 (Option: A)

The right answer is A. B will not, because the security vulnerability described in option B, an SQL injection attack against the specified host and port, is not applicable in this scenario.

aruni_mishra (Option: E)

Denial of service attack against any reachable host: letting socket connections be opened to any host has the potential to cause a denial of service attack against that host.

rami_mlaiel (Option: A)

Option A is correct because it pertains to full access being granted to the file.

d7bb0b2 (Option: E)

The security vulnerability exposed to your cloud customer's code in this scenario is E. denial of service attack against any reachable machine. The SocketPermission "*", "connect"; grant in the security policy file allows the mlib.jar to establish a network connection to any host. If a malicious user has the ability to control the hostName and portNumber parameters of the enableService method, they could potentially create numerous connections to a specific host, thereby causing a Denial of Service (DoS) attack. This could make the targeted machine unavailable by flooding it with network requests. Please note that this is a potential risk, and actual exploitation would depend on various factors, including the control a malicious user has over the hostName and portNumber parameters, and the resilience of the targeted system.

Ashan_Ozlov (Option: A)

Based on the fact that this has more to do with file access permissions, I think option A makes sense. Though there is potential for a DoS attack due to improper file handling, I think A is more suited as possibly the most obvious vulnerability.