
CAS-001 Question #335: Real Exam Question with Answer & Explanation

The correct answer is C: Fuzzer and HTTP interceptor.

Question

An audit at a popular online shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Security Officer (CISO) has requested that the web-based shopping cart application undergo testing to validate user input in both free-form text fields and drop-down boxes. Which of the following is the BEST combination of tools and/or methods to use?

Options

  • A. Blackbox testing and fingerprinting
  • B. Code review and packet analyzer
  • C. Fuzzer and HTTP interceptor
  • D. Enumerator and vulnerability assessment

Explanation

Testing input validation on both free-form text fields and drop-down boxes requires tools that can inject arbitrary values and intercept/modify HTTP requests. A fuzzer automatically generates unexpected, malformed, or boundary-value inputs to probe validation logic in text fields. An HTTP interceptor (e.g., Burp Suite) sits between the browser and server, allowing a tester to capture and modify HTTP requests, including manipulating drop-down values that are constrained client-side but not server-side. Together, these two tools directly address the discovered flaw of purchasing items at unintended prices through manipulated inputs. The other combinations do not specifically target input validation testing.
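As an added example that is not part of the exam page or its explanation: a vulnerable and a hardened server-side total calculation for a cart form like the one described, plus a small fuzz-style harness that submits constructed inputs of the kind a fuzzer (free-form quantity) or an HTTP interceptor (edited drop-down value) would send. The catalogue, discount values and field names are assumptions.

```python
# Added example, not from the exam page: server-side cart pricing in a
# vulnerable and a hardened form, exercised by constructed fuzz cases.
# Catalogue prices, discount values and field names are assumptions.
import re
from decimal import Decimal, InvalidOperation

CATALOG = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("19.50")}
DISCOUNTS = {"0", "0.10"}            # the only values the page's drop-down offers
QTY_RE = re.compile(r"[1-9][0-9]?")  # ASCII 1..99; str.isdigit() would also pass Unicode digits

def price_vulnerable(form):
    """Trusts the drop-down 'discount' exactly as the browser sent it."""
    qty = int(form["qty"])                        # accepts negatives and Unicode digits
    discount = Decimal(form["discount"])          # any fraction the client chooses
    return (CATALOG[form["sku"]] * qty * (1 - discount)).quantize(Decimal("0.01"))

def price_hardened(form):
    """Validates every field server-side; drop-down values must be on an allow-list."""
    if not QTY_RE.fullmatch(form.get("qty", "")):
        raise ValueError("qty must be 1-99")
    if form.get("sku") not in CATALOG:
        raise ValueError("unknown sku")
    if form.get("discount") not in DISCOUNTS:
        raise ValueError("discount not offered")
    total = CATALOG[form["sku"]] * int(form["qty"]) * (1 - Decimal(form["discount"]))
    return total.quantize(Decimal("0.01"))

# Constructed cases: (label, submitted form fields)
CASES = [
    ("legit",       {"qty": "2",  "sku": "SKU-100", "discount": "0"}),
    ("tamper_disc", {"qty": "1",  "sku": "SKU-100", "discount": "0.99"}),   # interceptor edits drop-down
    ("neg_qty",     {"qty": "-3", "sku": "SKU-100", "discount": "0"}),      # fuzzer boundary value
    ("unicode_qty", {"qty": "\u0663", "sku": "SKU-100", "discount": "0"}),  # Arabic-Indic digit three
    ("float_qty",   {"qty": "1e9", "sku": "SKU-100", "discount": "0"}),
    ("sqli_qty",    {"qty": "' OR 1=1--", "sku": "SKU-100", "discount": "0"}),
    ("bad_sku",     {"qty": "1",  "sku": "SKU-999", "discount": "0"}),
]

def run_fuzz(pricer):
    """Return {label: total as string, or 'rejected'} for every case fed to `pricer`."""
    results = {}
    for label, form in CASES:
        try:
            results[label] = str(pricer(form))
        except (ValueError, KeyError, InvalidOperation):
            results[label] = "rejected"
    return results
```

Running `run_fuzz` against both functions shows the vulnerable version returning a 0.50 total for the edited discount and a negative total for the negative quantity, while the hardened version rejects everything except the legitimate case.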
