CompTIA CASP+ (CAS-004) — Question 380
A security researcher identified the following messages while testing a web application:
/file/admin/myprofile.php ERROR file does not exist.
/file/admin/userinfo.php ERROR file does not exist.
/file/admin/adminprofile.php ERROR file does not exist.
/file/admin/admininfo.php ERROR file does not exist.
/file/admin/universalprofile.php ERROR file does not exist.
/file/admin/universalinfo.php ERROR file does not exist.
/file/admin/restrictedprofile.php ACCESS is denied.
/file/admin/restrictedinfo.php ERROR file does not exist.
Which of the following should the researcher recommend to remediate the issue?
Answer options
- A. Software composition analysis
- B. Packet inspection
- C. Proper error handling
- D. Elimination of the use of unsafe functions
Correct answer: C
Explanation
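The correct answer is C. The application returns a different message for /file/admin/restrictedprofile.php ("ACCESS is denied") than for the other paths ("ERROR file does not exist"), so the responses themselves reveal which files exist. Proper error handling would ensure that sensitive information is not leaked through error messages and that appropriate responses are given for different scenarios. Options A and B do not directly address the error handling issue observed, while D focuses on unsafe functions, which is not the primary concern in this case.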