CompTIA CASP+ (CAS-004) — Question 523
A security engineer notices the company website allows users to select which country they reside in, such as the following example:
https://mycompany.com/main.php?Country=US
Which of the following vulnerabilities would MOST likely affect this site?
Answer options
- A. SQL injection
- B. Remote file inclusion
- C. Directory traversal
- D. Unsecure references
Correct answer: D
Explanation
The correct answer is D. The country selection is passed to the server as a user-controlled URL parameter (Country=US); if the application does not properly validate that value, it becomes an insecure reference that can expose sensitive information. SQL injection (A), remote file inclusion (B), and directory traversal (C) are less likely in this context because they relate to different types of input manipulation and file access issues.