CompTIA PenTest+ (PT0-001) — Question 11
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?
Answer options
- A. Sample SOAP messages
- B. The REST API documentation
- C. A protocol fuzzing utility
- D. An applicable XSD file
Correct answer: D
Explanation
The correct answer is D. An XSD (XML Schema Definition) file defines the structure and constraints of XML documents, which is essential for crafting valid XML files for testing. Options A and B relate to different protocols (SOAP and REST) and do not directly assist with XML parsing security tests. Option C, while useful for fuzzing, does not provide the specific schema needed for XML testing.