CompTIA PenTest+ (PT0-001) — Question 108

A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:
- XSS
- HTTP DELETE method allowed
- SQL injection
- Vulnerable to CSRF
To which of the following should the tester give the HIGHEST priority?

Answer options

Correct answer: B

Explanation

The "HTTP DELETE method allowed" finding is the most critical because it can allow an attacker to delete resources on the server, potentially leading to significant data loss. While SQL injection and the other vulnerabilities are serious, the direct impact of allowing HTTP DELETE operations can be more immediately damaging to the integrity of the database. It is therefore given the highest priority.