Exam PT0-002 topic 1 question 336 discussion

Actual exam question from CompTIA's PT0-002
Question #: 336
Topic #: 1

A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:



Which of the following is the MOST likely explanation for the output?

  • A. The tester is not using a valid SSL certificate.
  • B. The admin directory cannot be fuzzed because it is forbidden.
  • C. The admin, test, and db directories redirect to the log-in page.
  • D. The robots.txt file has six entries in it.
Suggested Answer: C

Comments

IamBlackFire
Highly Voted 6 months, 2 weeks ago
Selected Answer: C
The output of the fuzzing tool shows that the admin, test, and db directories have the same size, words, and lines as the login page, which indicates that they are redirecting to the login page. This means that the tester cannot access these directories without valid credentials. The server-status page returns a 403 Forbidden status code, which means that the tester does not have permission to access it. The robots.txt file returns a 404 Not Found status code, which means that the file does not exist on the server.
References:
  • The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, page 77-78.
  • 101 Labs — CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam, Lab 2.3: Fuzzing Web Applications, page 69-70.
upvoted 6 times
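
Added example, not part of the original thread or of any commenter's post: the comparison described in the comment above (paths whose status, size, word count and line count all match the login page) carried out in Python. The ffuf-style line format, every number in the sample and the helper names are assumptions; the question's actual output is not reproduced on this page.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed ffuf-style format; not the exam's real output.
SAMPLE = """\
login          [Status: 200, Size: 1842, Words: 97, Lines: 41]
admin          [Status: 200, Size: 1842, Words: 97, Lines: 41]
test           [Status: 200, Size: 1842, Words: 97, Lines: 41]
db             [Status: 200, Size: 1842, Words: 97, Lines: 41]
server-status  [Status: 403, Size: 277, Words: 20, Lines: 10]
robots.txt     [Status: 404, Size: 196, Words: 12, Lines: 6]
"""

LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+\[Status: (?P<status>\d+), Size: (?P<size>\d+), "
    r"Words: (?P<words>\d+), Lines: (?P<lines>\d+)\]$"
)
FIELDS = ("status", "size", "words", "lines")

def parse(output):
    """Return {path: (status, size, words, lines)}; malformed lines are skipped."""
    results = {}
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            results[m["path"]] = tuple(int(m[k]) for k in FIELDS)
    return results

def same_response_as(results, baseline):
    """Paths whose status, size, words and lines all equal the baseline path's."""
    if baseline not in results:
        raise KeyError(f"baseline {baseline!r} not in results")
    fingerprint = results[baseline]
    return sorted(p for p, v in results.items() if v == fingerprint and p != baseline)

def by_status(results):
    """Group paths by HTTP status code, so 403 and 404 entries stand apart."""
    groups = defaultdict(list)
    for path, (status, *_rest) in results.items():
        groups[status].append(path)
    return {status: sorted(paths) for status, paths in groups.items()}

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print("same response as login:", same_response_as(parsed, "login"))
    print("by status:", by_status(parsed))
```
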
Panda_Dance
Most Recent 8 months ago
Answer: D The output shows that the robots.txt file returns a 404 status code, which means "Not Found". The "Lines: 6" part suggests that the file has six lines or entries in it. Not C because the admin, test, and db directories redirect to the log-in page. This option is also not correct. The output shows that the admin, test, and db directories can be accessed directly, and the server responds with a status code of 200. I would love some feedback!
upvoted 2 times
yeahnodontthinkso
3 days, 5 hours ago
I agree. If those pages were redirecting, they would be giving 300 status codes, not 200. I also don't think it's robots.txt though. 404 means it doesn't even exist. Kind of at a loss on this one.
upvoted 1 times
yeahnodontthinkso
3 days, 5 hours ago
After thinking, A is the only one that makes any lick of sense, even though it doesn't.
upvoted 1 times
yeahnodontthinkso
3 days, 5 hours ago
I meant C. I'm tired.
upvoted 1 times
ZoeAnneTaylor
7 months ago
The 6 lines could be the 404 error message
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other