Question

Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft?

a. parameter/form tampering
b. unvalidated inputs
c. improper error handling
d. insufficient transport layer protection

Answer 1

The security misconfiguration that supports weak algorithms and uses expired or invalid certificates, leading to data exposure and account theft, is insufficient transport layer protection.

Step-by-step explanation:

The security misconfiguration that supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft is d. insufficient transport layer protection.

Insufficient transport layer protection refers to the failure to secure communication channels between clients and servers, leaving them vulnerable to attacks like man-in-the-middle. Weak algorithms and expired or invalid certificates can be exploited by attackers to intercept and access sensitive data.

For example, if a website uses an outdated encryption algorithm or has an expired SSL certificate, an attacker can intercept the data being transmitted, decrypt it, and gain unauthorized access to user accounts or confidential information.