PT0-003 Question #136: Real Exam Question with Answer & Explanation

Submitted by kim_seoul · Mar 6, 2026 · Vulnerability Discovery and Analysis

Question

SIMULATION

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on each tab to select the appropriate vulnerability and remediation options. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer

Most likely vulnerability: Perform a SSRF attack against App01.example.com from CDN.example.com.

The scenario suggests that the CDN network (with a WAF) can be used to perform a Server-Side Request Forgery (SSRF) attack. Since the penetration tester has the pentester workstation interacting through the CDN/WAF and the production network is behind it, the most plausible attack vector is to exploit SSRF to interact with the internal services like App01.example.com.

Two best remediation options:

  • Restrict direct communications to App01.example.com to only approved components: This limits the exposure of the application server by ensuring that only specified, trusted entities can communicate with it.
  • Require an additional authentication header value between CDN.example.com and App01.example.com: Adding an authentication layer between the CDN and the app server helps ensure that requests are legitimate and originate from trusted sources, mitigating SSRF and other indirect attack vectors.

Nmap Scan Observations:

  • CDN/WAF shows open ports for HTTP and HTTPS but filtered for MySQL, indicating it acts as a filtering layer.
  • App Server has open ports for HTTP, HTTPS, and filtered for MySQL.
  • DB Server has all ports filtered, typical for a database server that should not be directly accessible.

These findings align with the SSRF vulnerability and the appropriate remediation steps to enhance the security of internal communications.
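One way App01 could enforce the two remediations above at the application layer (an added example, not part of the original explanation). The header name `X-Origin-Auth`, the secret value, and the `203.0.113.0/28` CDN egress range are assumptions made for illustration; a network-level allowlist in front of App01 would normally back this up.

```python
import hmac
import ipaddress

# Assumed values for illustration only (not from the exam scenario).
ORIGIN_AUTH_KEY = "HTTP_X_ORIGIN_AUTH"             # WSGI key for "X-Origin-Auth"
ORIGIN_AUTH_SECRET = b"constructed-example-secret"  # shared by CDN and App01
APPROVED_SOURCES = [ipaddress.ip_network("203.0.113.0/28")]  # CDN egress range


def is_approved_request(environ):
    """Return (allowed, reason) for a WSGI request arriving at App01."""
    # Remediation 1: only approved components may talk to App01.
    # Use the TCP peer (REMOTE_ADDR); X-Forwarded-For is set by the sender
    # and cannot be trusted for an allowlist decision.
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False, "unparseable peer address"
    if not any(peer in net for net in APPROVED_SOURCES):
        return False, "peer is not an approved component"

    # Remediation 2: the CDN must present the extra authentication header.
    # compare_digest avoids leaking the secret through timing differences.
    presented = environ.get(ORIGIN_AUTH_KEY, "").encode("latin-1", "replace")
    if not hmac.compare_digest(presented, ORIGIN_AUTH_SECRET):
        return False, "missing or wrong origin authentication header"
    return True, "ok"


class OriginGate:
    """WSGI middleware that rejects requests failing either check."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        allowed, _reason = is_approved_request(environ)
        if not allowed:
            # Do not tell the caller which check failed.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        return self.app(environ, start_response)
```

Both checks must pass: a correct header from an unapproved address is rejected, and so is an approved address without the header.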

Options

  • task: Identify 'Perform a SSRF attack against App01.example.com from CDN.example.com' as the most likely vulnerability based on Nmap scan results, and then select the appropriate remediation options.
  • prerequisites

Topics

#Nmap #SSRF #Web Application Security #Vulnerability Remediation