CompTIA PenTest+ (PT0-002) — Question 357
A penetration tester is conducting an assessment on a web application. Which of the following active reconnaissance techniques would be best for the tester to use to gather additional information about the application?
Answer options
- A. Using cURL with the verbose option
- B. Crawling URIs using an interception proxy
- C. Using Scapy for crafted requests
- D. Crawling URIs using a web browser
Correct answer: B
Explanation
The best choice is B: an interception proxy lets the tester analyze and manipulate requests and responses in real time, providing deeper insight into the application's behavior. Option A, while useful, does not provide as comprehensive an analysis as an interception proxy. Option C is better suited to specific packet manipulation and is not as effective for web application assessment. Option D lacks the advanced capabilities of an interception proxy, limiting the depth of information that can be gathered.