CompTIA PenTest+ (PT0-003) — Question 95

A penetration tester is conducting an assessment of a web application's log-in page. The tester needs to determine whether there are any hidden form fields of interest. Which of following is the most effective technique?

Answer options

• A. XSS
• B. On-path attack
• C. SQL injection
• D. HTML scraping

Correct answer: D

Explanation

The correct answer is D, HTML scraping, as it allows the tester to extract and review the HTML code of the page, revealing any hidden form fields. Options A, B, and C are focused on different types of vulnerabilities and attack vectors and do not specifically target finding hidden elements in the web application.