Exam PT0-002 Topic 5 Question 254 Discussion
Actual exam question for CompTIA's PT0-002 exam
Question #: 254
Topic #: 5
Question #: 254
Topic #: 5
During a security assessment, a penetration tester decides to write the following Python script: import requests x= ['OPTIONS', 'TRACE', 'TEST'l for y in x; z - requests.request(y, 'http://server.net') print(y, z.status_code, z.reason) Which of the following is the penetration tester trying to accomplish? (Select two).
Suggested Answer: B,D Vote an answer
The Python script mentioned in the question is designed to send HTTP requests using different methods ('OPTIONS', 'TRACE', 'TEST') to a specified URL ('http://server.net') and print out the method used along with the status code and reason for each response. The key objectives of this script are:
* HTTP Methods Availability (B): By cycling through different HTTP methods, the script checks which methods are supported by the web server. This can reveal potential vulnerabilities, as certain methods like 'TRACE' can be exploited in certain situations (e.g., Cross Site Tracing (XST) attacks).
* Web Server Fingerprinting (D): The response to different HTTP methods can provide clues about the web server's software and configuration, contributing to server fingerprinting. This information can be used to tailor further attacks or understand the security posture of the server.
This script is not designed for causing a denial of service, detecting web application firewalls, examining error handling, or performing banner grabbing directly, which excludes options A, C, E, and F.
* HTTP Methods Availability (B): By cycling through different HTTP methods, the script checks which methods are supported by the web server. This can reveal potential vulnerabilities, as certain methods like 'TRACE' can be exploited in certain situations (e.g., Cross Site Tracing (XST) attacks).
* Web Server Fingerprinting (D): The response to different HTTP methods can provide clues about the web server's software and configuration, contributing to server fingerprinting. This information can be used to tailor further attacks or understand the security posture of the server.
This script is not designed for causing a denial of service, detecting web application firewalls, examining error handling, or performing banner grabbing directly, which excludes options A, C, E, and F.
by Deborah at Aug 12, 2024, 04:54 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).