nerdexam
CompTIA

CAS-003 · Question #511

A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements: - Must be able to MITM web-based protocols - Must be ab

The correct answer is B. HTTP intercepting proxy C. Vulnerability scanner. An HTTP intercepting proxy (e.g., Burp Suite, OWASP ZAP) is the standard tool for performing man-in-the-middle attacks against web-based protocols - it sits between the client and server, capturing and modifying HTTP/HTTPS traffic. A vulnerability scanner (e.g., Nessus, OpenVAS)

Enterprise Security Operations

Question

A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements:

  • Must be able to MITM web-based protocols
  • Must be able to find common misconfigurations and security holes

Which of the following types of testing should be included in the testing platform? (Choose two.)

Options

  • AReverse engineering tool
  • BHTTP intercepting proxy
  • CVulnerability scanner
  • DFile integrity monitor
  • EPassword cracker
  • FFuzzer

How the community answered

(59 responses)
  • A
    2% (1)
  • B
    85% (50)
  • D
    2% (1)
  • E
    3% (2)
  • F
    8% (5)

Explanation

An HTTP intercepting proxy (e.g., Burp Suite, OWASP ZAP) is the standard tool for performing man-in-the-middle attacks against web-based protocols - it sits between the client and server, capturing and modifying HTTP/HTTPS traffic. A vulnerability scanner (e.g., Nessus, OpenVAS) automates the discovery of common misconfigurations, missing patches, and known security weaknesses across systems. The other options - reverse engineering tools, file integrity monitors, password crackers, and fuzzers - do not directly satisfy either stated requirement.

Topics

#penetration testing tools#HTTP intercepting proxy#vulnerability scanner#MITM attacks

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice