Examice

Exam GPEN All QuestionsBrowse all questions from this exam

Question 10

A junior penetration tester at your firm is using a non-transparent proxy for the first time to test a web server. He sees the web site In his browser but nothing shows up In the proxy. He tells you that he just installed the non-transparent proxy on his computer and didn't change any defaults. After verifying the proxy is running, you ask him to open up his browser configuration, as shown in the figure, which of the following recommendations will correctly allow him to use the transparent proxy with his browser?

He should change the PORT: value to match the port used by the non-transparentproxy.

He should select the checkbox "use this proxy server for all protocols" for theproxy to function correctly.

He should change the HTTP PROXY value to 127.0.0.1 since the non-transparentproxy is running on the same machine as the browser.

He should select NO PROXY instead of MANUAL PROXY CONFIGURATION as thissetting is only necessary to access the Internet behind protected

Correct Answer: A

The junior penetration tester can see the website in his browser but nothing shows up in the proxy because the port might not be correctly configured. The non-transparent proxy, also known as an explicit proxy, requires the browser to be configured to send traffic to the proxy's port. The default value shown in the HTTP proxy port field is 80, which is typically reserved for HTTP traffic and may not be the port the non-transparent proxy is listening on. To correctly use the non-transparent proxy with his browser, he should change the port value to match the port used by the non-transparent proxy.

Discussion

devnullOption: A

I think A is right. Since he is specifying localhost as the proxy address, he should get the same result as specifying 127.0.0.1. Therefore, I think C is inappropriate.