CompTIA PenTest+ PT0-002 Practice Question

A penetration tester is evaluating the security of a new mobile banking application. Upon reviewing the app's architecture, the tester discovers that the application is using an outdated third-party library known to have critical vulnerabilities that could lead to remote code execution. Before reporting this finding, the tester seeks to validate the vulnerability. Which of the following steps should the tester take to confirm the vulnerability?

  • Intercept traffic between the mobile application and its backend services to identify information leaks.

  • Scan the application with a generic mobile vulnerability assessment tool to identify all possible weaknesses.

  • Analyze public vulnerability reports of the outdated library to create a proof-of-concept exploit confirming the issue.

  • Modify the app source code to patch the library and observe changes in the app's behavior during runtime.

CompTIA PenTest+ PT0-002
Attacks and Exploits