CompTIA CySA+ CS0-002 – Question 140

During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: "incorrect password for given username". Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

A. Set the web page to redirect to an application support page when a bad password is entered.
B. Disable error messaging for authentication.
C. Recognize that error messaging does not provide confirmation of the correct element of authentication.
D. Avoid using password-based authentication for the application.

Correct Answer: C