Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam PT0-002 Topic 2 Question 67 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 67
Topic #: 2
[All PT0-002 Questions]

As part of active reconnaissance, penetration testers need to determine whether a protection mechanism is in place to safeguard the target's website against web application attacks. Which of the following methods would be the most suitable?

Show Suggested Answer Hide Answer
Suggested Answer: D

* Detecting a Web Application Firewall (WAF) helps penetration testers understand the protective measures in place and tailor their testing methods to bypass these defenses.

* Details:

A . Direct-to-origin testing: Useful for bypassing CDN but not specifically for detecting protective mechanisms like WAF.

B . Antivirus scanning: Not relevant for web application attacks.

C . Scapy packet crafting: Useful for network-level testing but not for detecting web application protections.

D . WAF detection: Identifies if a WAF is present, which is critical for understanding and bypassing web application defenses.

* Reference: WAF detection techniques are documented in web application security testing methodologies such as OWASP.


by Lai at Sep 18, 2024, 11:29 PM

Limited Time Offer

25%

Off

Get Premium PT0-002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Yolando
8 months ago
Ooh, let me guess. The answer is D) WAF detection, because who doesn't love a good game of 'Guess the Firewall?'
upvoted 0 times
...
Anjelica
8 months ago
B) Antivirus scanning? Really? What is this, a high school computer science class? Gotta be WAF detection all the way.
upvoted 0 times
...
Rima
8 months ago
A) Direct-to-origin testing? That's so 2010. Everyone knows the real pro move is to go for the WAF detection.
upvoted 0 times
Lettie
7 months ago
Scapy packet crafting could also be useful in some cases.
upvoted 0 times
...
Wilford
7 months ago
Direct-to-origin testing is outdated, WAF detection is more effective.
upvoted 0 times
...
Leslie
7 months ago
I agree, it's important to check for any Web Application Firewall.
upvoted 0 times
...
Osvaldo
7 months ago
WAF detection is definitely the way to go.
upvoted 0 times
...
...
Tomoko
8 months ago
C) Scapy packet crafting? Seriously? I'd rather just use a straightforward WAF detection tool and save myself the headache.
upvoted 0 times
...
Adelle
8 months ago
D) WAF detection sounds like the way to go. I mean, who needs antivirus when you can just bypass the web app firewall, right?
upvoted 0 times
Geraldo
7 months ago
User 3: Direct-to-origin testing could also be useful in this situation.
upvoted 0 times
...
Kris
7 months ago
User 2: Yeah, antivirus scanning seems unnecessary if you can bypass the firewall.
upvoted 0 times
...
Corrie
7 months ago
User 1: I think WAF detection is the best method for checking protection mechanisms.
upvoted 0 times
...
...
Edward
8 months ago
B) Antivirus scanning? Really? I think that's more for catching viruses, not penetration testing. Gotta think outside the box here.
upvoted 0 times
Bulah
7 months ago
A) Direct-to-origin testing could also be useful to bypass any protection mechanisms in place.
upvoted 0 times
...
Coleen
7 months ago
D) WAF detection seems like a more targeted approach to protect against web application attacks.
upvoted 0 times
...
Bev
7 months ago
C) Scapy packet crafting? That sounds like a creative way to test for vulnerabilities.
upvoted 0 times
...
Lyla
7 months ago
D) WAF detection
upvoted 0 times
...
Gilma
7 months ago
C) Scapy packet crafting
upvoted 0 times
...
Elizabeth
8 months ago
B) Antivirus scanning
upvoted 0 times
...
Roselle
8 months ago
A) Direct-to-origin testing
upvoted 0 times
...
...
Peggie
8 months ago
I'm not sure, but I think C) Scapy packet crafting could also be useful for active reconnaissance.
upvoted 0 times
...
Dorothy
8 months ago
C) Scapy packet crafting? Are we trying to hack the exams now? Let's keep it legit, folks.
upvoted 0 times
...
Gwen
9 months ago
A) Direct-to-origin testing is the way to go. Bypass that firewall and get right to the juicy target!
upvoted 0 times
Sonia
8 months ago
A) I agree, bypassing the firewall with direct-to-origin testing seems like a bold move.
upvoted 0 times
...
Kenny
8 months ago
C) Scapy packet crafting might help in gathering more information about the target.
upvoted 0 times
...
Antonio
8 months ago
D) WAF detection could also be useful to see if there are any protective measures in place.
upvoted 0 times
...
Karl
8 months ago
A) Direct-to-origin testing sounds risky but effective.
upvoted 0 times
...
...
Dorcas
9 months ago
D) WAF detection seems like the most logical choice here. Gotta make sure that pesky firewall isn't blocking our reconnaissance efforts.
upvoted 0 times
Thurman
8 months ago
WAF detection is definitely the way to go for this.
upvoted 0 times
...
Buck
8 months ago
Agreed, we need to check if the firewall is in place.
upvoted 0 times
...
Jacqueline
8 months ago
I think we should go with D) WAF detection.
upvoted 0 times
...
...
Nohemi
9 months ago
I agree with Ezekiel, WAF detection is crucial for safeguarding against web application attacks.
upvoted 0 times
...
Ezekiel
9 months ago
I think the most suitable method would be D) WAF detection.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77