QUESTION An attacker has been successfully modifying the purchase price of items purchased at a web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the IDS logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the price? OA. By using SQL injection OB. By using cross site scripting O c. By changing hidden form values in a local copy of the web page O D There is no way the attacker could do this without directly compromising either the web server or the database QUESTION 2 Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy;integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concems? O A.Bob can explain that using a weak key management technique is a form of programming error O B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error Oc.Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique O D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error