CompTIA PenTest+ (PT1-002) — Question 33
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
Answer options
- A. Perform XSS.
- B. Conduct a watering-hole attack.
- C. Use BeEF.
- D. Use browser autopwn.
Correct answer: A
Explanation
The correct answer is A: cross-site scripting (XSS) can be used in conjunction with clickjacking to manipulate user sessions and capture sensitive information. The other options may involve security exploits, but they do not directly exploit the identified clickjacking vulnerability in the context of a login page.