CREST Practitioner Security Analyst (CPSA) Practice

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following HTTP methods is considered risky?

  1. GET

  2. HEAD

  3. PUT

  4. OPTIONS

The correct answer is: PUT

The HTTP method that is considered risky is PUT. This method allows a client to upload files to the server or update existing resources at a specified URI. Because it can modify server-side data, PUT can expose the server to various types of vulnerabilities, including unauthorized data modification, server-side resource exhaustion, and potentially overwriting critical files.

In the context of web application security, allowing PUT requests without proper authentication and authorization controls can lead to significant issues. For instance, an attacker could exploit this method to upload malicious scripts or replace existing application files with harmful versions, thereby compromising the integrity and availability of the application.

By contrast, methods such as GET, HEAD, and OPTIONS are generally considered safer. GET retrieves data and does not change the server's state; HEAD is similar to GET but does not return the body of the response; and OPTIONS describes the communication options for the target resource without making any changes. Therefore, PUT stands out as the riskiest of the listed HTTP methods because of its potential for enabling data modification.