SAST flags deserialization of untrusted data in a Java admin servlet. Why critical?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
Unsafe deserialization is a frequent RCE path in enterprise Java apps.
Correct answer(s): b. Remote attackers may execute arbitrary code via gadget chains during deserialization
Exam domain: SAST findings (25% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.