
Exam PT0-002 topic 1 question 350 discussion

Actual exam question from CompTIA's PT0-002
Question #: 350
Topic #: 1

A penetration tester is testing a company's public APIs. In researching the API URLs, the penetration tester discovers that the URLs resolve to a cloud-hosted WAF service that is blocking the penetration tester's attack attempts. Which of the following should the tester do to best ensure the attacks will be more successful?

  • A. Increase the volume of attacks to enable more to possibly slip through.
  • B. Vary the use of upper and lower case characters in payloads to fool the WAF.
  • C. Use multiple source IP addresses for the attack traffic to prevent being blocked.
  • D. Locate the company's servers that are hosting the API and send the traffic there.
Suggested Answer: D

Comments

kinny4000
2 months, 2 weeks ago
Selected Answer: D
Using multiple IPs may bypass basic IP-based blocking, but it does not bypass the WAF itself, which still inspects traffic for malicious patterns. The API may not be being DoS'ed; it could just be being exploited, in which case the WAF will still block all exploit attempts no matter what IP they come from. A direct-to-origin attack will "best ensure the attacks will be more successful".
upvoted 3 times
overarch384
6 months ago
Selected Answer: D
Gemini says D
upvoted 2 times
IamBlackFire
6 months, 1 week ago
Selected Answer: C
Silly question, as usual. DDoS mitigation often uses an architecture in which a CDN or large reverse proxies are placed in front of the web services as a protection layer. However, sophisticated attackers will attempt to reveal the origin network or IP address and attack directly, making the mitigation layer completely useless. This attack is called 'Direct-to-Origin' or, in short, 'D2O'. This attack technique challenges organizations to either hide their sources (which is not always feasible) or mitigate the direct attack. The DDoS Resiliency Score (DRS) includes this technique in the attack vectors specified in 'Level 6' and 'Level 7'. Imo there are not enough elements to think of a Direct-to-Origin attack, so I vote for C.
upvoted 2 times
IamBlackFire
6 months, 1 week ago
D2O attacks are a form of DDoS attack that works to bypass content delivery networks (CDNs) or other load distribution and proxying tools and attack the underlying service infrastructure. They are intended to negate the protections and capacity provided by CDNs, allowing attackers to target a less scalable or less protected service. They rely on the ability of attackers to determine the original IP address(es) of the service, so [...]. (from the Mike Chapple and David Seidl book)
upvoted 2 times
a87d6a4
6 months, 3 weeks ago
Selected Answer: D
D. Locate the company's servers that are hosting the API and send the traffic there. Explanation: Bypassing the WAF by directly targeting the servers hosting the API avoids the issue of dealing with the filtering and inspection that the WAF provides. This option represents a more advanced technique where the attacker seeks to send traffic to a backend system, avoiding the WAF entirely. Why not C: Multiple source IP addresses (Option C) could work against simpler WAF configurations, but modern, sophisticated WAFs can detect distributed attacks and block such traffic, as highlighted by both comments.
upvoted 2 times
wdmssk
7 months, 1 week ago
Selected Answer: C
Modern WAFs are indeed capable of detecting distributed attacks coming from multiple IPs. However, D assumes a high level of infrastructure visibility that is not mentioned in the question.
upvoted 2 times
mat22
8 months, 2 weeks ago
Answer is D. Answer can't be C. Using multiple source IP addresses for the attack traffic to prevent being blocked: While this might help in evading basic rate limiting or IP-based blocking, sophisticated WAFs can detect and block such techniques. It doesn’t address the core issue of the WAF filtering and inspecting traffic.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other