During a pre-engagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?
APIs (Application Programming Interfaces) are common assets to test for vulnerabilities such as improper authentication, data leakage, or injection attacks.
Testing APIs often uncovers critical issues in modern applications.
Why Not Other Options?
B (HTTP): This is a protocol, not a specific asset.
C (IPA): Unrelated to penetration testing (likely a typo or irrelevant here).
D (ICMP): This is a protocol used for network diagnostics, not an application asset.
CompTIA PenTest+ References:
Domain 1.0 (Planning and Scoping)