PT0-002 Question #302: Real Exam Question with Answer & Explanation
The correct answer is A: The web server is using a WAF.
Question
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
Options
- A. The web server is using a WAF.
- B. The web server is behind a load balancer.
- C. The web server is redirecting the requests.
- D. The local antivirus on the web server is rejecting the connection.
Explanation
Correct answer: A

A Web Application Firewall (WAF) is specifically designed to detect and block malicious or anomalous HTTP/S traffic. When a WAF identifies suspicious patterns, such as scanning, fuzzing, or attack signatures common in penetration testing, it can respond by sending TCP RST (reset) packets to immediately terminate the connection rather than simply dropping packets silently. This RST behavior is a distinctive WAF signature.

A load balancer (B) distributes traffic but does not generate RSTs in response to assessment activity. HTTP redirects (C) use 3xx status codes, not TCP resets. Local antivirus software (D) typically operates at the application layer and does not directly inject TCP resets into network traffic.