
Free CompTIA PenTest+ PT0-002 Practice Question

A penetration tester is evaluating the security of a new mobile banking application. Upon reviewing the app's architecture, the tester discovers that the application is using an outdated third-party library known to have critical vulnerabilities that could lead to remote code execution. Before reporting this finding, the tester seeks to validate the vulnerability. Which of the following steps should the tester take to confirm the vulnerability?

  • Analyze public vulnerability reports of the outdated library to create a proof-of-concept exploit confirming the issue.

  • Intercept traffic between the mobile application and its backend services to identify information leaks.

  • Scan the application with a generic mobile vulnerability assessment tool to identify all possible weaknesses.

  • Modify the app source code to patch the library and observe changes in the app's behavior during runtime.

This question is for objective: Attacks and Exploits