CompTIA PenTest+ (PT0-002) — Question 266

While conducting a penetration test of a web application, the penetration tester enters the following URI:

http://test.comptia.com/../../../../etc/shadow

Which of the following attacks is the tester attempting?

Answer options

• A. XML injection
• B. SQL injection
• C. Directory traversal
• D. Buffer overflow

Correct answer: C

Explanation

The correct answer is C, Directory traversal, as the URI attempts to access the /etc/shadow file by navigating up the directory structure. Options A and B refer to different types of attacks that target data processing rather than file system access, and option D involves memory management issues, which is unrelated to the URI manipulation in this scenario.