Exam PT0-003 Topic 2 Question 154 Discussion
Actual exam question for CompTIA's PT0-003 exam
Question #: 154
Topic #: 2
A penetration tester cannot find information on the target company's systems using common OSINT methods.
The tester's attempts to do reconnaissance against internet-facing resources have been blocked by the company's WAF. Which of the following is the best way to avoid the WAF and gather information about the target company's systems?
Suggested Answer: B
When traditional reconnaissance methods are blocked, scanning code repositories is an effective method to gather information. Here's why:
* Code Repository Scanning:
  * Leaked Information: Code repositories (e.g., GitHub, GitLab) often contain sensitive information, including API keys, configuration files, and even credentials that developers might inadvertently commit.
  * Accessible: These repositories can often be accessed publicly, bypassing traditional defenses like WAFs.
* Comparison with Other Methods:
  * HTML Scraping: Limited to the data present on web pages and can still be blocked by the WAF.
  * Directory Enumeration: Likely to be blocked by the WAF as well and might not yield significant internal information.
  * Port Scanning: Also likely to be blocked or to trigger alerts on WAF or IDS/IPS systems.

Scanning code repositories allows gathering a wide range of information that can be critical for further penetration testing efforts.
by Cheryl at Jun 29, 2026, 10:47 AM