Exam CS0-002 topic 1 question 407 discussion

Actual exam question from CompTIA's CS0-002
Question #: 407
Topic #: 1

During the onboarding process for a new vendor, a security analyst obtains a copy of the vendor’s latest penetration test summary:


Performed by: Vendor Red Team

Last performed: 14 days ago



Which of the following recommendations should the analyst make first?

  • A. Perform a more recent penetration test.
  • B. Continue vendor onboarding.
  • C. Disclose details regarding the findings.
  • D. Have a neutral third party perform a penetration test.
Suggested Answer: C

Comments

geenoe
1 year, 7 months ago
Selected Answer: C
Since the last pentest was 14 days ago, the vendor should be notified about the findings in order to remediate them.
upvoted 1 times
Chilaqui1es
1 year, 8 months ago
Selected Answer: C
'recommendations should the analyst make FIRST' Sounds like it should be C because it's important to know details during the test since some results seem to be critical (which could mean act now), and I would say AFTER (not first) get a 2nd opinion from a neutral to compare accuracy.
upvoted 2 times
kumax
1 year, 8 months ago
Selected Answer: D
ChatGPT: In this scenario, the penetration test summary obtained from the vendor indicates a mix of findings, including some critical and high-severity issues. Given the findings and the recent date of the test, the first recommendation should be: D. Have a neutral third party perform a penetration test. This recommendation is based on the principle of an independent, unbiased assessment, which can provide a more objective evaluation of the vendor's security posture. The presence of critical and high-severity findings is a significant concern that should be addressed promptly. After the results of the neutral third-party test are available, you can decide whether to continue vendor onboarding (option B) or discuss details regarding the findings (option C). Another penetration test (option A) may not be as urgent as involving a neutral third party to validate the findings.
upvoted 1 times
kmordalv
1 year, 7 months ago
Today ChatGPT says he doesn't know the correct answer, that it depends on the circumstances. What is clear is that the question does not shed light on the answer. ChatGPT answers as it has the day
upvoted 1 times
Saphi
1 year, 9 months ago
Selected Answer: D
Between A and D I would be more likely to say D, as we don't know the trustworthiness of the vendor's self-assessment or the effectiveness/accuracy of their vulnerability scans.
upvoted 1 times
Saphi
1 year, 9 months ago
Changing my answer to C.
upvoted 2 times
simpfemboy
1 year, 9 months ago
How come?
upvoted 1 times
simpfemboy
1 year, 9 months ago
The question asks which of the following recommendations should the analyst make FIRST. Looking at the time the latest ptest was performed, I would ask as an analyst for a recent ptest.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other