CompTIA PenTest+ (PT1-002) — Question 81

A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

Answer options

Correct answer: B

Explanation

The correct answer is B, server-side request forgery (SSRF): the tester exploited the ability to make requests to the cloud provider's metadata service and obtained the credentials the instance uses to authenticate itself. The other options, cross-site request forgery (A), remote file inclusion (C), and local file inclusion (D), do not involve accessing cloud provider metadata or instance credentials.