
CAS-003 Question #522: Real Exam Question with Answer & Explanation

The correct answer is D: HTTP interceptor.

Question

A developer emails the following output to a security administrator for review (see the exhibit below).

Which of the following tools might the security administrator use to perform further security assessment of this issue?

Exhibit

CAS-003 question #522 exhibit

Options

  • A. Port scanner
  • B. Vulnerability scanner
  • C. Fuzzer
  • D. HTTP interceptor

Explanation

An HTTP interceptor (D) such as Burp Suite or OWASP ZAP is the appropriate tool for further security assessment when a developer submits output from a web application. An HTTP interceptor sits between the browser and the server, capturing and allowing modification of HTTP/HTTPS requests and responses in real time. This enables the security administrator to examine headers, cookies, authentication tokens, parameters, and server responses to identify vulnerabilities such as injection flaws, authentication weaknesses, session management issues, or information disclosure. A port scanner (A) identifies open network ports but does not analyze application-layer content. A vulnerability scanner (B) performs automated broad scanning but lacks the granular interactive analysis needed here. A fuzzer (C) tests for crashes via malformed input but is a subsequent step, not the initial assessment tool for reviewing application output.
