🎖️🏵️ Memorial Weekend Sale — 30% off🎖️🏵️

CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

During an authorized penetration test, you have discovered an outdated web server software running on a client's production server. Given the nature of the software, it is susceptible to a known remote code execution (RCE) vulnerability that allows an attacker to run arbitrary code on the server. What is the MOST responsible and professional action to take next?

  • Exploit the vulnerability to demonstrate the severity to the client without causing any harm to the server.

  • Ignore the vulnerability since it is the client's responsibility to keep software updated, not the tester's.

  • Run a proof-of-concept to confirm the vulnerability's exploitability before informing the client.

  • Report the vulnerability with details of the affected software, the vulnerability's impact, and suggested remediation steps to the client.

This question is for objective:
Information Gathering and Vulnerability Scanning
Your Score:
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Reporting and Communication
Tools and Code Analysis
Planning and Scoping