CompTIA CySA+ (CS0-002) — Question 247

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the best way to locate this issue?

Answer options

• A. Reduce the session timeout threshold.
• B. Deploy MFA for access to the web server.
• C. Implement input validation.
• D. Run a dynamic code analysis.

Correct answer: D

Explanation

Running a dynamic code analysis is the most effective approach to identify the manipulation in the web form, as it allows for real-time examination of the application while it is running. The other options, such as reducing session timeout or implementing MFA, do not directly address the root cause of the input manipulation. Input validation is important but does not help in identifying existing vulnerabilities in the code.