CompTIA PenTest+ (PT1-002) — Question 67
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
Answer options
- A. HTTPS communication
- B. Public and private keys
- C. Password encryption
- D. Sessions and cookies
Correct answer: D
Explanation
The correct answer is D. HTTP itself is stateless, so after login the application keeps track of the user through a session, usually identified by a cookie. Sessions and cookies therefore store user authentication information that can be exploited to hijack a user's session. Options A, B, and C do not directly relate to maintaining session state: HTTPS communication secures data in transit, public and private keys relate to encryption, and password encryption protects passwords but does not pertain to session management.