CompTIA PenTest+ PT0-002 Practice Question
During a security assessment of a web application, you discover that a component of the software is affected by a documented security weakness that permits unauthorized code execution on the server. This flaw is noted as having a unique identifier in a globally recognized database for security weaknesses. What is your FIRST course of action to acquire detailed and trustworthy information about this specific issue?
Browse community forums for discussions related to the vulnerability, hoping to find informal patches or mitigation strategies.
Deploy an automated scanning tool to run a general vulnerability check in the hope that it flags the issue and provides details about it.
Craft a proof-of-concept to exploit the weakness based solely on the general knowledge of the component's issue.
Use the specific security flaw identifier to query the National Vulnerability Database (NVD) for extensive details about the weakness.