CAS-003 · Question #511
A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements: - Must be able to MITM web-based protocols - Must be ab
The correct answer is B. HTTP intercepting proxy C. Vulnerability scanner. An HTTP intercepting proxy (e.g., Burp Suite, OWASP ZAP) is the standard tool for performing man-in-the-middle attacks against web-based protocols - it sits between the client and server, capturing and modifying HTTP/HTTPS traffic. A vulnerability scanner (e.g., Nessus, OpenVAS)
Question
A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements:
- Must be able to MITM web-based protocols
- Must be able to find common misconfigurations and security holes
Which of the following types of testing should be included in the testing platform? (Choose two.)
Options
- AReverse engineering tool
- BHTTP intercepting proxy
- CVulnerability scanner
- DFile integrity monitor
- EPassword cracker
- FFuzzer
How the community answered
(59 responses)- A2% (1)
- B85% (50)
- D2% (1)
- E3% (2)
- F8% (5)
Explanation
An HTTP intercepting proxy (e.g., Burp Suite, OWASP ZAP) is the standard tool for performing man-in-the-middle attacks against web-based protocols - it sits between the client and server, capturing and modifying HTTP/HTTPS traffic. A vulnerability scanner (e.g., Nessus, OpenVAS) automates the discovery of common misconfigurations, missing patches, and known security weaknesses across systems. The other options - reverse engineering tools, file integrity monitors, password crackers, and fuzzers - do not directly satisfy either stated requirement.
Topics
Community Discussion
No community discussion yet for this question.