PT0-002 · Question #438
The correct answer is B: HTTP methods availability. The Python script in the question sends HTTP requests using different methods and prints the method used along with the status code and reason for each response. The key objectives of this script are: HTTP Methods Availability (B): By cycling through different HTTP methods, the script check
Question
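During a security assessment, a penetration tester decides to write the following Python script:

```python
import requests

# Placeholder: the target URL is not present in the question text on this page.
url = "http://TARGET.example/"

x = ['OPTIONS', 'TRACE', 'TEST']
for y in x:
    # Send one request per HTTP method in the list.
    z = requests.request(y, url)
    print(y, z.status_code, z.reason)
```

Which of the following is the penetration tester trying to accomplish? (Select two).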
Options
- A. Web server denial of service
- B. HTTP methods availability
- C. Web application firewall detection
- D. Web server fingerprinting
- E. Web server error handling
- F. Web server banner grabbing
Explanation
The Python script in the question sends HTTP requests using different methods and prints the method used along with the status code and reason for each response. The key objectives of this script are:

- HTTP Methods Availability (B): By cycling through different HTTP methods, the script checks which methods are supported by the web server. This can reveal potential vulnerabilities, as certain methods like 'TRACE' can be exploited in certain situations (e.g., Cross-Site Tracing).
- Web Server Fingerprinting (D): The response to different HTTP methods can provide clues about the web server's software and configuration, contributing to server fingerprinting. This information can be used to tailor further attacks or understand the security posture of the server.

This script is not designed for causing a denial of service, detecting web application firewalls, examining error handling, or performing banner grabbing directly, which excludes options A, C, E, and F.
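How the status codes the script prints can be read when auditing your own server's configuration, as an added example that is not part of the exam question. The function names, finding labels and both sample response sets are constructed for illustration, and treating any 2xx status as "method served" is an assumption of this sketch.

```python
# Added example: interpret per-method probe results offline (all data constructed).
STANDARD = {"GET", "HEAD", "POST", "PUT", "DELETE",
            "CONNECT", "OPTIONS", "TRACE", "PATCH"}


def parse_allow(value):
    """Split an Allow header value into a set of upper-case method names."""
    return {m.strip().upper() for m in value.split(",") if m.strip()}


def audit_methods(results):
    """results maps method -> (status_code, headers); returns (method, finding) pairs."""
    findings = []
    advertised = set()
    status, headers = results.get("OPTIONS", (None, {}))
    if status is not None and 200 <= status < 300:
        advertised = parse_allow(headers.get("Allow", ""))
    for method in sorted(results):
        status, _ = results[method]
        if not 200 <= status < 300:
            continue  # 405/501 and other non-2xx: the method was not served
        if method == "TRACE":
            findings.append((method, "trace-enabled"))
        if method not in STANDARD:
            # A made-up method such as TEST should be refused, not served.
            findings.append((method, "unknown-method-accepted"))
        elif advertised and method not in advertised:
            findings.append((method, "accepted-but-not-in-allow"))
    return findings


# Constructed samples: the script's printed results captured as data.
WEAK = {
    "OPTIONS": (200, {"Allow": "GET, HEAD, POST, OPTIONS"}),
    "TRACE": (200, {"Content-Type": "message/http"}),
    "TEST": (200, {}),
}
HARDENED = {
    "OPTIONS": (200, {"Allow": "GET, HEAD, POST, OPTIONS"}),
    "TRACE": (405, {}),
    "TEST": (501, {}),
}

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_methods(sample))
```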