CompTIA PenTest+ (PT0-001) — Question 79

An engineer, who is conducting a penetration test for a web application, discovers the user login process sends form field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:

Answer options

Correct answer: A

Explanation

Using the HTTP POST method is the correct choice because it allows data to be sent in the body of the request, rather than in the URL, thereby reducing the risk of sensitive information being exposed in server logs or browser history. The other methods, such as HTTP OPTIONS, PUT, and TRACE, do not serve the same purpose for securely submitting sensitive data.