CompTIA PenTest+ (PT0-002) — Question 253

A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization’s sensitive files?

Answer options

• A. Remote file inclusion
• B. Cross-site scripting
• C. SQL injection
• D. Insecure direct object references

Correct answer: D

Explanation

Insecure direct object references allow an attacker to manipulate input parameters to access unauthorized resources, effectively bypassing access controls. Remote file inclusion, cross-site scripting, and SQL injection primarily target vulnerabilities in the application but do not directly exploit access control mechanisms in the same manner.