CAS-001 Question #206: Real Exam Question with Answer & Explanation

The correct answer is A: HTTP interceptor.

Question

A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance. In order to adequately test the input validation of the survey form, which of the following tools would be the BEST tool for the technician to use?

Options

  • A. HTTP interceptor
  • B. Vulnerability scanner
  • C. Port scanner
  • D. Fuzzer

Explanation

An HTTP interceptor (e.g., the Burp Suite proxy) sits between the browser and the server, capturing HTTP requests and allowing the tester to modify them manually before they are forwarded. Even though the form only offers a dropdown with valid country values, the interceptor lets the tester replace the submitted value with arbitrary, malicious, or malformed input, which directly exercises the server-side input validation rather than the client-side control. This approach also lets the testers define and submit the specific, pre-planned test cases the SOW requires. A fuzzer sends automated, largely random inputs and does not easily support pre-defined, documented test cases. A vulnerability scanner and a port scanner do not target application-layer input validation at the level of an individual form field.
