CompTIA PenTest+ (PT0-001) — Question 131
A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?
Answer options
- A. The penetration tester was not provided with a WSDL file.
- B. The penetration tester needs an OAuth bearer token.
- C. The tester has provided an incorrect password for the application.
- D. An IPS/WAF whitelist is in place to protect the environment.
Correct answer: B
Explanation
The most likely issue is that the penetration tester needs an OAuth bearer token to access the application, as many modern applications require this for authentication. The other options are less probable: a WSDL file is typically not necessary for web applications, an incorrect password would usually generate an error message, and while an IPS/WAF could be in place, it is less likely than the need for an authentication token.