
CompTIA Exam CS0-003 Topic 2 Question 20 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 20
Topic #: 2

A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following:

Which of the following vulnerabilities is the security analyst trying to validate?

Suggested Answer: B

The security analyst is validating a Local File Inclusion (LFI) vulnerability, as indicated by the '../../../' sequence in the GET request, which is a common indicator of directory traversal attempts associated with LFI. The other options are not relevant for this purpose: SQL injection involves injecting malicious SQL statements into a database query; XSS involves injecting malicious scripts into a web page; CSRF involves tricking a user into performing an unwanted action on a web application.


According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, one of the objectives for the exam is to 'use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities'. The book also covers the usage and syntax of Burp Suite, a tool used for testing web application security, in chapter 6. Specifically, it explains the meaning and function of each component in Burp Suite, such as Repeater, which allows the security analyst to modify and resend individual requests (page 239). Therefore, this is a reliable source to verify the answer to the question.
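As an added example (not from the study guide or the question itself), this is the check an analyst would run over request lines to spot the traversal pattern the explanation describes, beside the path-containment check that mitigates it. The `file` parameter name, the `admin.php` path and the request lines are constructed assumptions based on what commenters read from the screenshot.

```python
import os
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample request lines (hypothetical, not the page's screenshot).
SAMPLE_REQUESTS = [
    "GET /admin.php?file=reports/summary.txt HTTP/1.1",
    "GET /admin.php?file=../../../etc/passwd HTTP/1.1",
    "GET /admin.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /admin.php?file=%252e%252e%252fetc%252fpasswd HTTP/1.1",
    "GET /index.php?page=home HTTP/1.1",
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded '%252e%252e%252f' reads as '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True when a decoded parameter value contains a '..' path segment."""
    normalized = fully_decode(value).replace("\\", "/")
    return any(seg == ".." for seg in normalized.split("/"))

def flag_traversal(lines, params=("file",)):
    """Return (request line, parameter, decoded value) for each suspicious request."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        query = urlsplit(parts[1]).query  # parse_qs already decodes one layer
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name in params:
                for v in values:
                    if has_traversal(v):
                        hits.append((line, name, fully_decode(v)))
    return hits

def resolve_within(base_dir, user_path):
    """Mitigation: resolve the requested path and reject anything that escapes base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, fully_decode(user_path)))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes %s: %s" % (base, user_path))
    return target
```

The detection side feeds a Burp or log review; the resolution side is the fix to apply in the include handler once the finding is confirmed.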

Contribute your Thoughts:

Micah
6 months ago
Hmm, I'm not sure. Could it be LFI (option B)? The image shows a parameter called 'file', which might be used for local file inclusion. But I could be wrong, these questions can be tricky!
upvoted 0 times
Nilsa
6 months ago
Ha! This is clearly a CSRF (option D) vulnerability. The analyst is trying to validate a 'Change Password' request, which is a textbook CSRF scenario.
upvoted 0 times
Sue
5 months ago
It's important to validate and address CSRF vulnerabilities to protect against unauthorized actions.
upvoted 0 times
Cherrie
5 months ago
A: Oh, I see. Thanks for clarifying!
upvoted 0 times
Hubert
5 months ago
B: No, it's actually CSRF (option D). The 'Change Password' request is a classic CSRF scenario.
upvoted 0 times
Truman
5 months ago
Yes, CSRF is a common vulnerability in web applications.
upvoted 0 times
Kerry
5 months ago
I agree, CSRF seems to be the vulnerability the analyst is trying to validate.
upvoted 0 times
Talia
5 months ago
A: I think it's XSS (option C) vulnerability.
upvoted 0 times
Therese
6 months ago
I think it's XSS (option C). The HTTP request in the image shows the use of the 'admin.php' parameter, which is a common target for cross-site scripting attacks.
upvoted 0 times
Bernardine
6 months ago
The security analyst is trying to validate SQL injection, which is option A. This is a classic web application vulnerability that can be detected using Burp Suite.
upvoted 0 times
Gracia
5 months ago
Yes, SQL injection is a common vulnerability that can be detected with Burp Suite.
upvoted 0 times
Gracia
5 months ago
I think the security analyst is trying to validate SQL injection.
upvoted 0 times
Arthur
5 months ago
Yes, SQL injection is a common vulnerability that can be detected with Burp Suite.
upvoted 0 times
Arthur
5 months ago
I think the security analyst is trying to validate SQL injection.
upvoted 0 times
Avery
5 months ago
That's correct, SQL injection is the vulnerability being validated.
upvoted 0 times
Bernardo
6 months ago
SQL injection
upvoted 0 times
Vanna
6 months ago
What vulnerability is the security analyst trying to validate?
upvoted 0 times
Bettyann
6 months ago
Yes, SQL injection is a common vulnerability that can be detected with Burp Suite.
upvoted 0 times
Bettyann
6 months ago
I think the security analyst is trying to validate SQL injection.
upvoted 0 times