CompTIA CySA+ (CS0-001) — Question 47

An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?

Answer options

A. Impersonation
B. Privilege escalation
C. Directory traversal
D. Input injection

Correct answer: C

Explanation

The correct answer is C, Directory traversal, as it allows access to files and directories that are outside the intended scope of a user account. The other options do not fit: A (Impersonation) involves pretending to be another user, B (Privilege escalation) refers to gaining higher privileges than allowed, and D (Input injection) deals with injecting malicious input to manipulate applications.