CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

During a security assessment of a web application, you discover that a component of the software is affected by a documented security weakness that permits unauthorized code execution on the server. This flaw is noted as having a unique identifier in a globally recognized database for security weaknesses. What is your FIRST course of action to acquire detailed and trustworthy information about this specific issue?

  • Use the specific security flaw identifier to query the National Vulnerability Database (NVD) for extensive details about the weakness.

  • Deploy an automated scanning tool to run a general vulnerability check in hopes it will flag and provide details regarding the issue.

  • Browse community forums for discussions related to the vulnerability, hoping to find informal patches or mitigation strategies.

  • Craft a proof-of-concept to exploit the weakness based solely on the general knowledge of the component's issue.

This question is for objective:
Information Gathering and Vulnerability Scanning
Your Score:
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Reporting and Communication
Tools and Code Analysis
Planning and Scoping