ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 367 discussion

Actual exam question from CompTIA's PT0-002
Question #: 367
Topic #: 1
[All PT0-002 Questions]

SIMULATION
-

A penetration tester performs several Nmap scans against the web application for a client.


INSTRUCTIONS
-

Click on the WAF and servers to review the results of the Nmap scans. Then click on each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.











Show Suggested Answer Hide Answer
Suggested Answer:
by BlackSkullz at Nov. 15, 2024, 4:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BlackSkullz
Highly Voted 5 months, 3 weeks ago
The vulnerability here is that the penetration tester was successfuly able to communicate with App01.example.com directly with the Nmap scan, meaning it wasn't filtered and stopped by the WAF. -"Bypass the WAF to communicate directly with App01.example.com" is the vulnerability. Since it's obvious that the WAF isn't properly filtering the direct traffic to the web application, you would need to deploy practices to prevent that malicious traffic from reaching the application in the first place -"Restrict direct communications to App01.example.com to only approved components" would ensure that the WAF is properly reviewing the components of the requests made directly to App01.example.com to determine if they are malicious -"Require an additional authentication header value between CDN.example.com and App01.example.com" This would ensure that App01.example.com would only respond to requests authenticated by the WAF
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago