Welcome to Pass4Success

CompTIA Exam PT0-002 Topic 2 Question 67 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 67
Topic #: 2

As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target's website against web application attacks. Which of the following methods would be the most suitable?

Suggested Answer: D

* Detecting a Web Application Firewall (WAF) helps penetration testers understand the protective measures in place and tailor their testing methods to bypass these defenses.

* Details:

A. Direct-to-origin testing: Useful for bypassing CDN but not specifically for detecting protective mechanisms like WAF.

B. Antivirus scanning: Not relevant for web application attacks.

C. Scapy packet crafting: Useful for network-level testing but not for detecting web application protections.

D. WAF detection: Identifies if a WAF is present, which is critical for understanding and bypassing web application defenses.

* Reference: WAF detection techniques are documented in web application security testing methodologies such as OWASP.


Contribute your Thoughts:

Yolando
8 days ago
Ooh, let me guess. The answer is D) WAF detection, because who doesn't love a good game of 'Guess the Firewall?'
upvoted 0 times
...
Anjelica
9 days ago
B) Antivirus scanning? Really? What is this, a high school computer science class? Gotta be WAF detection all the way.
upvoted 0 times
...
Rima
11 days ago
A) Direct-to-origin testing? That's so 2010. Everyone knows the real pro move is to go for the WAF detection.
upvoted 0 times
...
Tomoko
14 days ago
C) Scapy packet crafting? Seriously? I'd rather just use a straightforward WAF detection tool and save myself the headache.
upvoted 0 times
...
Adelle
16 days ago
D) WAF detection sounds like the way to go. I mean, who needs antivirus when you can just bypass the web app firewall, right?
upvoted 0 times
...
Edward
22 days ago
B) Antivirus scanning? Really? I think that's more for catching viruses, not penetration testing. Gotta think outside the box here.
upvoted 0 times
Elizabeth
7 days ago
B) Antivirus scanning
upvoted 0 times
...
Roselle
9 days ago
A) Direct-to-origin testing
upvoted 0 times
...
...
Peggie
28 days ago
I'm not sure, but I think C) Scapy packet crafting could also be useful for active reconnaissance.
upvoted 0 times
...
Dorothy
1 month ago
C) Scapy packet crafting? Are we trying to hack the exams now? Let's keep it legit, folks.
upvoted 0 times
...
Gwen
1 month ago
A) Direct-to-origin testing is the way to go. Bypass that firewall and get right to the juicy target!
upvoted 0 times
Sonia
2 days ago
A) I agree, bypassing the firewall with direct-to-origin testing seems like a bold move.
upvoted 0 times
...
Kenny
4 days ago
C) Scapy packet crafting might help in gathering more information about the target.
upvoted 0 times
...
Antonio
21 days ago
D) WAF detection could also be useful to see if there are any protective measures in place.
upvoted 0 times
...
Karl
22 days ago
A) Direct-to-origin testing sounds risky but effective.
upvoted 0 times
...
...
Dorcas
1 month ago
D) WAF detection seems like the most logical choice here. Gotta make sure that pesky firewall isn't blocking our reconnaissance efforts.
upvoted 0 times
Thurman
3 days ago
User 3: WAF detection is definitely the way to go for this.
upvoted 0 times
...
Buck
4 days ago
User 2: Agreed, we need to check if the firewall is in place.
upvoted 0 times
...
Jacqueline
8 days ago
User 1: I think we should go with D) WAF detection.
upvoted 0 times
...
...
Nohemi
2 months ago
I agree with Ezekiel, WAF detection is crucial for safeguarding against web application attacks.
upvoted 0 times
...
Ezekiel
2 months ago
I think the most suitable method would be D) WAF detection.
upvoted 0 times
...
