CompTIA PenTest+ (PT0-002) — Question 393
As part of active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?
Answer options
- A. Assessing the performance of the network's API communication
- B. Identifying the token/authentication detail
- C. Enumerating all users of the application
- D. Extracting confidential user data from the intercepted API responses
Correct answer: B
Explanation
The correct answer is B because captured API traffic can reveal the authentication tokens or credentials used for access. Options A, C, and D are incorrect because they do not directly relate to the token and authentication details that examining the API traffic identifies.