CompTIA CASP+ (CAS-003) — Question 62
A consulting firm was hired to conduct an assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:
TCP 80 open -
TCP 443 open -
TCP 1434 filtered -
The penetration tester then used a different tool to make the following requests:
GET / script/login.php?token=45$MHT000MND876
GET / script/login.php?token=@#984DCSPQ%091DF
Which of the following tools did the penetration tester use?
Answer options
- A. Protocol analyzer
- B. Port scanner
- C. Fuzzer
- D. Brute forcer
- E. Log analyzer
- F. HTTP interceptor
Correct answer: C
Explanation
The correct answer is C, Fuzzer: the requests made by the penetration tester suggest an attempt to manipulate input parameters and test for vulnerabilities. The other options do not fit the context; a protocol analyzer, port scanner, log analyzer, and HTTP interceptor serve different purposes and would not be used to perform the same type of testing as a fuzzer.