ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 312 discussion

Actual exam question from CompTIA's PT0-002
Question #: 312
Topic #: 1
[All PT0-002 Questions]

A penetration tester is conducting an engagement for a company and has identified a vulnerable web application. During the reconnaissance phase the tester discovers that the internal web application contains end-of-life components. Which of the following is the most appropriate next step?

  • A. Report the vulnerability to the company’s IT department and provide the department with detailed information for patching the application
  • B. Perform a brute-force attack on the web application’s log-in page to test the strength of user passwords
  • C. Launch a denial-of-service attack against the web application to disrupt its availability and expose potential vulnerabilities
  • D. Exploit the vulnerability to gam access to the web application’s back-end systems
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Kmelaun at Aug. 10, 2024, 5:31 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
euca2023
2 months, 3 weeks ago
Selected Answer: A
During the "reconnaissance" phase
upvoted 1 times
...
IamBlackFire
8 months, 2 weeks ago
I'm confused, as always. I would say D, but perhaps for a company is not acceptable to has an end-of-life application running, so the team should tell immediately to them. What do you think?
upvoted 4 times
...
a87d6a4
9 months ago
"Exploit the vulnerability to gam access"
upvoted 1 times
...
uselessscript
9 months, 3 weeks ago
Selected Answer: D
You would exploit the vulnerability and include it in your report at the end of your assessment.
upvoted 4 times
...
Kmelaun
10 months, 3 weeks ago
You can not patch end of life components, I don’t think it’s A. If you are a penetration tester you would exploit the vulnerability. You wouldn’t report it.
upvoted 2 times
IamBlackFire
8 months, 2 weeks ago
Yes, you can patch an end-of-life application. You can't do that with an end-of-support application (if always has the last version), though.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel