CompTIA PenTest+ PT0-002 Practice Question

As a penetration tester, you are authorized to test an application's API that employs scoped access tokens. When you request a token from the authorization server specifying a particular scope, you receive a token with broader privileges than expected. What should your next course of action be to ethically continue the test according to the rules of engagement?

  • Use the broader scoped token to test additional functionalities since it will provide a more comprehensive security assessment.

  • Manually adjust the scope in the token to match the intended permissions and proceed with testing.

  • Inform the client and request a token with the correct scope.

  • Continue testing using the received token but avoid accessing the functionalities that are outside the initial scope.

CompTIA PenTest+ PT0-002
Information Gathering and Vulnerability Scanning
Your Score:
Settings & Objectives

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot