
CompTIA Exam CS0-003 Topic 2 Question 14 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 14
Topic #: 2

A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following:

[Screenshot of the Burp Suite request is not reproduced on this page.]

Which of the following vulnerabilities is the security analyst trying to validate?

A) SQL injection
B) LFI
C) XSS
D) CSRF

Suggested Answer: B

The security analyst is validating a Local File Inclusion (LFI) vulnerability. The indicator is the "../../../" sequence in the GET request: repeated parent-directory references in a file-name parameter are the classic sign of a directory traversal attempt, which is how an LFI flaw is exercised to read files outside the web root (for example "../../../etc/passwd"). Replaying the request in Burp Repeater and checking whether the response contains the contents of that file is how the scanner's finding is confirmed rather than taken on trust. The other options do not fit this request: SQL injection involves injecting SQL syntax into a database query; XSS involves injecting script into a web page that is rendered for other users; CSRF involves tricking an authenticated user's browser into submitting an unwanted request to a web application.


According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, one of the objectives for the exam is to "use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities". The book also covers the usage and syntax of Burp Suite, a tool used for testing web application security, in chapter 6. Specifically, it explains the meaning and function of each component in Burp Suite, such as Repeater, which allows the security analyst to modify and resend individual requests (page 239). Therefore, this is a reliable source to verify the answer to the question.
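The validation step described above, as an added example (not code from the exam question or the study guide): a vulnerable file-include handler next to a hardened one, the traversal probe an analyst would paste into the page parameter in Burp Repeater, and the response check that confirms the finding. The directory layout, file names and the fake passwd content are constructed for this example so it runs offline on any OS; a real test would target /etc/passwd on the actual server.

```python
"""Validating a scanner's Local File Inclusion (LFI) finding.

Added example, not from the exam question or the CySA+ study guide.
It models the request an analyst replays in Burp Repeater
(GET /view?page=../../../etc/passwd) against a vulnerable file-include
handler and a hardened one, plus the check applied to the response.
All paths and file contents below are constructed for the example.
"""
import os
import tempfile

# Constructed stand-in for /etc/passwd so the example runs offline.
PASSWD_CONTENT = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "www:x:33:33::/var/www:/usr/sbin/nologin\n"
)


def make_fixture() -> tuple[str, str]:
    """Create <tmp>/webroot/pages/home.html and <tmp>/secret/passwd.

    Returns (pages_dir, secret_file). The handlers below are meant to
    serve files from pages_dir only; secret_file sits two levels above it.
    """
    tmp = tempfile.mkdtemp()
    pages = os.path.join(tmp, "webroot", "pages")
    secret_dir = os.path.join(tmp, "secret")
    os.makedirs(pages)
    os.makedirs(secret_dir)
    with open(os.path.join(pages, "home.html"), "w") as f:
        f.write("<h1>home</h1>")
    secret = os.path.join(secret_dir, "passwd")
    with open(secret, "w") as f:
        f.write(PASSWD_CONTENT)
    return pages, secret


def vulnerable_include(pages_dir: str, page: str) -> str:
    """Vulnerable: the user-controlled 'page' value is joined straight onto
    the filesystem path, so '../' sequences walk out of pages_dir."""
    with open(os.path.join(pages_dir, page)) as f:
        return f.read()


def hardened_include(pages_dir: str, page: str) -> str:
    """Hardened: resolve the final path and refuse anything outside
    pages_dir. Comparing resolved paths (not the raw string) means the
    check does not depend on blocklisting the literal '../' and also
    covers symlinks and mixed separators."""
    base = os.path.realpath(pages_dir)
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes web root: {page!r}")
    with open(target) as f:
        return f.read()


def traversal_probe(depth: int, target: str = "etc/passwd") -> str:
    """Build the value sent in the page parameter,
    e.g. traversal_probe(3) -> '../../../etc/passwd'."""
    return "../" * depth + target


def looks_like_passwd(body: str) -> bool:
    """Response check that confirms the LFI: a real /etc/passwd always
    carries the root entry 'root:x:0:0'."""
    return "root:x:0:0" in body


if __name__ == "__main__":
    pages, secret = make_fixture()
    # pages_dir is <tmp>/webroot/pages, so two levels up reaches <tmp>/secret
    probe = traversal_probe(2, "secret/passwd")
    print("probe sent in page parameter:", probe)
    print("vulnerable handler leaks file:",
          looks_like_passwd(vulnerable_include(pages, probe)))
    try:
        hardened_include(pages, probe)
    except PermissionError as e:
        print("hardened handler rejected it:", e)
```

The point of the hardened version is that it validates the resolved path, not the input string; stripping "../" from the input is the fix scanners often see bypassed with encoded or nested sequences such as "....//".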

Contribute your Thoughts:

Billy
5 months ago
That's a good point, Katheryn. But I still think XSS is more likely based on the screenshot.
upvoted 0 times
Katheryn
5 months ago
But couldn't it also be CSRF? That involves tricking a user into performing an action on a web application without their knowledge.
upvoted 0 times
Antonio
5 months ago
I agree with Billy, the screenshot in the question shows a script being injected into the web page, which is a common sign of XSS.
upvoted 0 times
Billy
6 months ago
I think the security analyst is trying to validate the XSS vulnerability.
upvoted 0 times
Rima
6 months ago
I think it could also be SQL injection, as it is a common vulnerability in web applications.
upvoted 0 times
Lashonda
7 months ago
I agree with Fidelia, XSS seems to be the most likely vulnerability based on the screenshot.
upvoted 0 times
Fidelia
7 months ago
I believe the vulnerability they are trying to validate is Cross-Site Scripting (XSS).
upvoted 0 times
Laurena
7 months ago
I think the security analyst is trying to validate a vulnerability with Burp Suite.
upvoted 0 times
Noe
8 months ago
Haha, good point. These certification exams are always trying to catch you off guard. I bet the question writer is sitting back, rubbing their hands together and thinking 'Let's see if they fall for the ol' SQL injection trap!'
upvoted 0 times
Sarah
7 months ago
No, it's not CSRF either.
upvoted 0 times
Nikita
7 months ago
D) CSRF
upvoted 0 times
Brent
7 months ago
No, not XSS.
upvoted 0 times
Clorinda
8 months ago
C) XSS
upvoted 0 times
Hoa
8 months ago
Yes, that's correct. They are trying to validate LFI.
upvoted 0 times
Dalene
8 months ago
B) LFI
upvoted 0 times
Lai
8 months ago
No, not SQL injection.
upvoted 0 times
Leonardo
8 months ago
A) SQL injection
upvoted 0 times
Kiley
8 months ago
You guys are right, but I think it's worth noting that the exam question might be trying to trick us. SQL injection is the obvious answer, but what if they're looking for something a little more subtle, like XSS or CSRF? I'm going to think this through a bit more carefully.
upvoted 0 times
Maryln
8 months ago
Yeah, I agree. The image shows a SQL query being injected into the web application, so SQL injection is the most likely vulnerability the analyst is trying to validate. It's a classic web application attack vector.
upvoted 0 times
Bo
8 months ago
Hmm, this question seems pretty straightforward. The security analyst is clearly using Burp Suite to validate the results of a web application scan, and the image shows a SQL injection attack. So, I'd say the answer is A) SQL injection.
upvoted 0 times
