Free CompTIA PenTest+ PT0-002 Practice Question

During a security assessment of a web application, you notice that carefully crafted inputs that should result in server-side errors do not produce discernible changes in the application's output. To confirm your suspicions of a potential back-end data store vulnerability, which technique would be most effective given the lack of informative responses?

  • Input crafted payloads that result in immediate reflection in application output to validate execution against the server's data handler.

  • Initiate a timing attack by sending a payload designed to trigger a delay in the application response indicative of successful execution on the data store.

  • Send an input that would typically generate an error and check for specific error messaging in the response.

  • Rely on automated tools using common payloads that produce detailed error messages to identify potential data extraction points.

This question is for objective:
Attacks and Exploits