Examice

Exam 1z0-816 All QuestionsBrowse all questions from this exam

Question 12

You are working on a functional bug in a tool used by your development organization. In your investigation, you find that the tool is executed with a security policy file containing this grant.

What action should you take?

Nothing, because it is an internal tool and not exposed to the public.

Remove the grant because it is excessive.

Nothing, because it is not related to the bug you are investigating.

File a security bug against the tool referencing the excessive permission granted.

Nothing, because listing just the required permissions would be an ongoing maintenance challenge.

Correct Answer: D

The provided grant allows java.security.AllPermission, which is highly permissive and poses a significant security risk by allowing the code access to all system resources. Even though the tool is internal, best practices for security and the principle of least privilege should be followed. Therefore, the appropriate action is to file a security bug against the tool, referencing the excessive permissions granted.

Discussion

Sa16253748596Option: B

B is true