Free CompTIA PenTest+ PT0-002 Practice Question

During an authorized penetration test, you have discovered outdated web server software running on a client's production server. Given the nature of the software, it is susceptible to a known remote code execution (RCE) vulnerability that allows an attacker to run arbitrary code on the server. What is the MOST responsible and professional action to take next?

  • Run a proof-of-concept to confirm the vulnerability's exploitability before informing the client.

  • Exploit the vulnerability to demonstrate the severity to the client without causing any harm to the server.

  • Ignore the vulnerability since it is the client's responsibility to keep software updated, not the tester's.

  • Report the vulnerability with details of the affected software, the vulnerability's impact, and suggested remediation steps to the client.

This question's topic: CompTIA PenTest+ PT0-002 / Information Gathering and Vulnerability Scanning