Question 1,014 of 1,152
Threats, Vulnerabilities, and Mitigations · Medium · Multiple choice · Objective-mapped

Quick Answer

The answer is a server-side request forgery (SSRF) attack, because the application is being tricked into making unauthorized internal requests on the attacker's behalf. The exhibit shows a manipulated URL parameter, `?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/`, which forces the server to fetch a sensitive internal resource, here the cloud instance metadata endpoint that can hand out IAM credentials, followed by a second request to an internal admin interface at 10.0.5.14:8080. Both returned HTTP 200 with a body, so whatever the server fetched came back to the attacker. On the Security+ SY0-701 exam this scenario tests your ability to recognize how SSRF bypasses network segmentation by exploiting the trust the internal network places in the application server. A common trap is confusing SSRF with cross-site request forgery (CSRF): SSRF forges the server's outbound requests, while CSRF forges requests from a user's browser. For a quick memory tip, think "SSRF = Server Sends Requests For the attacker," and watch for URL parameters pointing at addresses that should never be reachable from the outside: the link-local metadata address 169.254.169.254, loopback 127.0.0.1, or RFC1918 ranges such as 10.0.0.0/8.

SY0-701 Threats, Vulnerabilities, and Mitigations Practice Question

This SY0-701 practice question tests your understanding of threats, vulnerabilities, and mitigations. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Web Access Log
2026-04-17T10:22:11Z "GET /thumb?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 512
2026-04-17T10:22:14Z "GET /thumb?url=http://10.0.5.14:8080/admin HTTP/1.1" 200 133
Application server outbound connections observed to 169.254.169.254 (link-local metadata address) and to the internal RFC1918 address 10.0.5.14 immediately after each request.

Based on the exhibit, which attack is most likely being attempted against the application?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.


Answer choices

  • Cross-site scripting, because the attacker is trying to inject script into the victim's browser session.
  • Server-side request forgery, because the application is being tricked into making internal requests on the attacker's behalf.
  • Cross-site request forgery, because the attacker is forcing an authenticated user to submit an unwanted request.
  • SQL injection, because the attacker is manipulating a query parameter to expose backend data.


Correct answer & explanation

Server-side request forgery, because the application is being tricked into making internal requests on the attacker's behalf.

The exhibit shows an attacker manipulating a URL parameter (e.g., `?url=http://169.254.169.254/latest/meta-data/`) to make the application fetch an internal resource. This is a classic Server-Side Request Forgery (SSRF) attack, where the application is tricked into making requests to internal services (like cloud metadata endpoints) on the attacker's behalf, bypassing network segmentation.

Key principle: answer the scenario, not the keyword. Identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Cross-site scripting, because the attacker is trying to inject script into the victim's browser session.

    Why it's wrong here

    XSS targets the browser by injecting malicious script into content that other users view. The exhibit instead shows the server fetching URLs supplied by the user, including internal addresses and cloud metadata. That behavior is not browser-based script execution.

  • Server-side request forgery, because the application is being tricked into making internal requests on the attacker's behalf.

    Why this is correct

    The application accepts a URL parameter and then makes outbound requests to internal resources, including the cloud metadata endpoint. That is the hallmark of SSRF. The attacker is causing the server to reach addresses that should not normally be accessible through a public request path.

    Clue confirmation

    The qualifier "most likely" asks for the attack best supported by the evidence, not the only one imaginable. Server-side fetches of user-supplied URLs to the metadata service and an internal admin port are direct evidence of SSRF, while the client-side attacks among the options would leave no such trace in the server's outbound connections.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Cross-site request forgery, because the attacker is forcing an authenticated user to submit an unwanted request.

    Why it's wrong here

    CSRF exploits a victim's browser and authenticated session to trigger actions on a different site. Here, the evidence shows the server directly making internal outbound requests based on a supplied URL. The attack does not rely on a browser session or user interaction with a forged form.

  • SQL injection, because the attacker is manipulating a query parameter to expose backend data.

    Why it's wrong here

    SQL injection manipulates database queries, usually by altering SQL syntax in input fields. The log output here shows URL fetching and requests to the metadata service, not database error messages or SQL syntax anomalies. This is a request-forgery issue, not a database query injection.

Common exam traps

Common exam trap: answer the scenario, not the keyword

CompTIA often tests SSRF by showing a URL-style parameter such as `?url=` or `?file=` pointing at an internal or non-routable address (127.0.0.1, an RFC1918 address, or 169.254.169.254). Candidates confuse it with CSRF because both names contain "request forgery", but in SSRF the forged request is sent by the server, and in CSRF it is sent by the victim's browser. Check that the parameter value is a URL the server will fetch: that is what makes the scenario server-side.

Trap categories for this question

  • Command / output trap

    The exhibit is raw log output, so read what it records: the server fetched user-supplied URLs, and those URLs pointed at the metadata address and an internal host. A candidate who skims for the words "injection" or "script" will reach for XSS or SQL injection, but the output shows no script in a response and no SQL in a parameter; it shows outbound requests made by the server.

Detailed technical explanation

How to think about this question

SSRF exploits the trust an application's host enjoys on the internal network, so the attacker's target is usually something reachable only from inside: a cloud instance metadata service (on AWS, `169.254.169.254`), an internal admin interface, or a private API. In the exhibit both requests returned HTTP 200 with a body (512 and 133 bytes), which makes this non-blind SSRF: the fetched content, here an IAM credentials listing and an admin page, came back to the attacker through the thumbnail endpoint. Blind SSRF returns nothing directly but can still be confirmed through timing differences or out-of-band callbacks. Mitigation belongs on both the application and the network. In the application, accept only an allowlist of destination hosts and schemes (drop `file://`, `gopher://` and the like), resolve the hostname and check every returned address against loopback, link-local and RFC1918 ranges, then connect to the checked address rather than resolving again, so a DNS answer cannot change between check and use. On the network, block egress from the application host to the metadata address and to internal management ports. On AWS, requiring IMDSv2 also helps, because it demands a session token obtained with a PUT request, which a GET-only SSRF like the one in the log cannot supply. SSRF against metadata endpoints has been used in real breaches to steal cloud IAM credentials.
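As an added example (not part of the original question or Courseiva's material), the Python script below applies the points above to the exhibit: a detector runs over a constructed copy of the two log lines (plus one invented benign request) and flags any `/thumb?url=` value that targets a non-public address, and beside it sits a hardened validator for the thumbnail endpoint. The host allowlist, the fake DNS table and the `.internal` hostname heuristic are assumptions made for the example. The vulnerable form of the endpoint is simply `urllib.request.urlopen(url)` on the raw parameter, which is the bug the log shows being exploited.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed copy of the exhibit's two log lines plus one benign request (the third
# line is invented for this example as a negative case; none are live records).
SAMPLE_LOG = """\
2026-04-17T10:22:11Z "GET /thumb?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 512
2026-04-17T10:22:14Z "GET /thumb?url=http://10.0.5.14:8080/admin HTTP/1.1" 200 133
2026-04-17T10:22:20Z "GET /thumb?url=https://images.example.com/cat.jpg HTTP/1.1" 200 40211
"""
LOG_RE = re.compile(r'^(\S+) "(\w+) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)$')

# Hypothetical fetch policy for the thumbnailer (an assumption of this example).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Constructed DNS answers so the example runs offline. cdn.example.com is deliberately
# "rebound" to the metadata address to show why the resolved IP is checked even for
# an allowlisted name.
FAKE_DNS = {"images.example.com": ["93.184.216.34"], "cdn.example.com": ["169.254.169.254"]}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def is_public_ip(addr):
    """True only for globally routable unicast addresses; ValueError if not an IP literal.
    is_global is False for loopback, link-local (169.254/16, hence the metadata service),
    RFC1918, CGNAT 100.64/10 and the documentation ranges. IPv4-mapped IPv6 literals are
    unwrapped so ::ffff:10.0.5.14 cannot slip past."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url, resolve=fake_resolve):
    """Hardened replacement for fetching the raw parameter: return (host, ip, port, path)
    the thumbnailer may fetch, or raise ValueError. Checks scheme, host allowlist, port,
    then every resolved address. The caller must connect to the returned IP (setting the
    Host header itself) instead of resolving again, so a changed DNS answer cannot
    slip an internal address past the check."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host or host not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allowlist: {host!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    addrs = resolve(host)
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    for addr in addrs:
        if not is_public_ip(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, addrs[0], port, parts.path or "/"


def classify_log_line(line):
    """Return a finding if a /thumb request's url= parameter targets a non-public
    address or an internal-looking hostname, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, _method, request, status, size = m.groups()
    req = urlsplit(request)
    if req.path != "/thumb":
        return None
    for target in parse_qs(req.query).get("url", []):
        host = urlsplit(target).hostname or ""
        reason = None
        try:
            if not is_public_ip(host):
                reason = f"non-public address {host}"
        except ValueError:  # not an IP literal: fall back to name heuristics
            if host == "localhost" or host.endswith(".internal"):
                reason = f"internal hostname {host}"
        if reason:
            return {"ts": ts, "target": target, "reason": reason,
                    "status": int(status), "bytes": int(size)}
    return None


def scan_log(text):
    """Classify every line. HTTP 200 with a body means the SSRF was non-blind:
    whatever the server fetched went back to the requester."""
    return [f for f in map(classify_log_line, text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['reason']} -> {f['target']} (HTTP {f['status']}, {f['bytes']} bytes)")
    for url in ("https://images.example.com/cat.jpg", "https://cdn.example.com/logo.png"):
        try:
            print("allow", validate_outbound_url(url))
        except ValueError as exc:
            print("block", url, "-", exc)
```

Run as a script it reports the two exhibit lines as findings and accepts only the `images.example.com` URL. The address check relies on `ipaddress.is_global`, which already treats link-local, loopback, RFC1918, CGNAT and documentation ranges as non-public, so the allowlist does not have to enumerate them. In production the resolver is `socket.getaddrinfo` and the HTTP client is pointed at the returned IP; blocking egress to 169.254.169.254 at the network layer remains the backstop if the application check is ever bypassed.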

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst reviewing the web access log of an image-thumbnailing service notices the `url` parameter pointing first at the cloud metadata service and then at an internal admin port, with HTTP 200 responses to both, and the application server opening outbound connections to those addresses right afterwards. The correct reading is SSRF, and the practical response follows from it: treat any credentials the metadata endpoint could have returned as compromised and rotate them, restrict the endpoint to an allowlist of external hosts, and block egress from the application host to the metadata address and internal management ports. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context, not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.


FAQ

Questions learners often ask

What does this SY0-701 question test?

Threats, Vulnerabilities, and Mitigations. This question tests whether you can identify server-side request forgery from the evidence in a web access log rather than from a memorised keyword.

What is the correct answer to this question?

The correct answer is: Server-side request forgery, because the application is being tricked into making internal requests on the attacker's behalf. — The exhibit shows an attacker manipulating a URL parameter (e.g., `?url=http://169.254.169.254/latest/meta-data/`) to make the application fetch an internal resource. This is a classic Server-Side Request Forgery (SSRF) attack, where the application is tricked into making requests to internal services (like cloud metadata endpoints) on the attacker's behalf, bypassing network segmentation.

What should I do if I get this SY0-701 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Jun 30, 2026


This SY0-701 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SY0-701 exam.