
Free CompTIA PenTest+ PT0-002 Practice Question

When conducting a security assessment of a web application, you discover that the application fails to properly restrict URL access to a function that should only be accessible to users with administrative privileges. Through this functionality, non-admin users can perform sensitive operations, which poses a significant security risk. Based on the OWASP Top 10 list, which vulnerability category does this scenario BEST align with?

  • A10:2021-Insufficient Logging & Monitoring

  • A03:2021-Injection

  • A01:2021-Broken Access Control

  • A04:2021-Insecure Direct Object References (IDOR)

This question is for objective: Attacks and Exploits