CompTIA PenTest+ (PT0-001) — Question 33

A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?

Answer options

• A. TCP SYN flood
• B. SQL injection
• C. XSS
• D. XMAS scan

Correct answer: B

Explanation

The correct answer is B, SQL injection, as it assesses the application's handling of data inputs and can impact availability by causing database issues. The other options, such as TCP SYN flood, primarily target network availability, while XSS and XMAS scans focus on different vulnerabilities that do not directly assess availability.