The option that is not a defense for broken access control is "Invalidating the session at the client side".

Here's why:

1. Invalidating the session at the client side: This is not a defense for broken access control because it does not prevent unauthorized access to resources. It only ends the session on the client side, but does not necessarily restrict access to resources on the server side.

2. Logging access control failures: This is a defense mechanism as it helps in identifying and analyzing failed access attempts, which could indicate a potential security threat.

3. Disabling web server directory listing: This is a defense mechanism as it prevents unauthorized users from viewing the contents of directories on the web server.

4. Deny all requests except for public resources: This is a defense mechanism as it ensures that only authorized users can access non-public resources.

Therefore, the correct answer is "Invalidating the session at the client side".

Question

The option that is not a defense for broken access control is "Invalidating the session at the client side".

Here's why:

1. Invalidating the session at the client side: This is not a defense for broken access control because it does not prevent unauthorized access to resources. It only ends the session on the client side, but does not necessarily restrict access to resources on the server side.

2. Logging access control failures: This is a defense mechanism as it helps in identifying and analyzing failed access attempts, which could indicate a potential security threat.

3. Disabling web server directory listing: This is a defense mechanism as it prevents unauthorized users from viewing the contents of directories on the web server.

4. Deny all requests except for public resources: This is a defense mechanism as it ensures that only authorized users can access non-public resources.

Therefore, the correct answer is "Invalidating the session at the client side".

Knowee AI · Accepted Answer

The option that is not a defense for broken access control is "Invalidating the session at the client side".

Here's why:

1. Invalidating the session at the client side: This is not a defense for broken access control because it does not prevent unauthorized access to resources. It only ends the session on the client side, but does not necessarily restrict access to resources on the server side.

2. Logging access control failures: This is a defense mechanism as it helps in identifying and analyzing failed access attempts, which could indicate a potential security threat.

3. Disabling web server directory listing: This is a defense mechanism as it prevents unauthorized users from viewing the contents of directories on the web server.

4. Deny all requests except for public resources: This is a defense mechanism as it ensures that only authorized users can access non-public resources.

Therefore, the correct answer is "Invalidating the session at the client side".

Question8Max. score: 2.00Which of these is not a defence for broken access controlInvalidating the session at the client sideLogging access control failuresDisabling web server directory listingDeny all requests except for public resourcesReset Answer

Question

Solution

Similar Questions

Upgrade your grade with Knowee