As part of an active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?
A.
Assessing the performance of the network's API communication
B.
Identifying the token/authentication detail
C.
Enumerating all users of the application
D.
Extracting confidential user data from the intercepted API responses
All of these could technically be intercepted and determined based on the security posture of the API. The reason I believe it's B is because it's the most likely. You're more likely to find authentication headers and tokens through intercepting API traffic. Even if it's encrypted, you can use the intercepted traffic to determine the encryption being used to secure that traffic
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
BlackSkullz
5 months, 3 weeks ago