CompTIA PenTest+ (PT0-002) — Question 159

A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

Answer options

• A. The web server is using a WAF.
• B. The web server is behind a load balancer.
• C. The web server is redirecting the requests.
• D. The local antivirus on the web server Is rejecting the connection.

Correct answer: A

Explanation

The presence of a WAF (Web Application Firewall) is likely causing the TCP resets, as WAFs often block or reset connections that they interpret as malicious or suspicious. The other options, such as being behind a load balancer or redirecting requests, do not typically lead to TCP resets, and while local antivirus can block connections, it is less common for it to reset TCP connections outright.