Multiple choice technology security

In the following code, which is the location of vulnerability?

1  bIsAdmin = true; 
2  try  
3  { 
4  function (); 
5   bIsAdmin = isAdminUser(userName); 
6  } 
7  catch (Exception ex)  
8  { 
9   log.write(ex.toString()); 
10 }

  1. Line 9

  2. Line 5

  3. Line 7

  4. Line 1

Reveal answer Fill a bubble to check yourself
D Correct answer
Explanation

Line 1 sets bIsAdmin = true before any authentication occurs. If an exception is thrown in function() at line 4, execution jumps to the catch block and line 5 (the actual admin check) never executes. The exception is logged but bIsAdmin remains true, allowing unauthorized admin access. This is a vulnerable default-privileged design - sensitive flags should default to false.