CompTIA PenTest+ (PT0-001) — Question 76

A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

Answer options

• A. Command injection attack
• B. Clickjacking attack
• C. Directory traversal attack
• D. Remote file inclusion attack

Correct answer: B

Explanation

The correct answer is B, as a missing content security policy makes the application vulnerable to clickjacking attacks, where an attacker can trick users into clicking on something different than what they perceive. The other options, such as command injection, directory traversal, and remote file inclusion, do not primarily exploit the absence of a content security policy.