CompTIA CASP+ (CAS-003) — Question 269

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: `<object object_ref=`¦ />` and `<state state_ref=`¦ /
>`. Which of the following tools BEST supports the use of these definitions?

Answer options

• A. HTTP interceptor
• B. Static code analyzer
• C. SCAP scanner
• D. XML fuzzer

Correct answer: D

Explanation

The correct answer is D, XML fuzzer, as it is designed to test and manipulate XML data structures which align with the use of the provided XML tags. The other options do not specifically cater to the structure and testing of XML content; an HTTP interceptor deals with network traffic, a static code analyzer focuses on code quality, and an SCAP scanner is for compliance checks but not specifically for XML manipulation.