ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT1-002 All Questions

View all questions & answers for the PT1-002 exam
Go to Exam

Exam PT1-002 topic 1 question 41 discussion

Actual exam question from CompTIA's PT1-002
Question #: 41
Topic #: 1
[All PT1-002 Questions]

A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

  • A. Manually check the version number of the VoIP service against the CVE release
  • B. Test with proof-of-concept code from an exploit database
  • C. Review SIP traffic from an on-path position to look for indicators of compromise
  • D. Utilize an nmap ג€"sV scan against the service
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Davar39 at Jan. 7, 2022, 7:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Davar39
Highly Voted 3 years, 5 months ago
I'll go with B, no better validation than a POC.
upvoted 5 times
...
Charlieb123
Highly Voted 3 years, 2 months ago
Selected Answer: A
Why wouldn't you just: A- Manually check the version number of the VoIP service against the CVE release to confirm the scan results? You're a pen-tester, so you will be able to obtain this information. If the versions match, you note down a vulnerability in your findings and suggest updates in line with the CVE recommendations as remediation.
upvoted 5 times
shakevia463
2 years, 4 months ago
has identified several newly released CVEs on a VoIP call manager. presence of the CVEs based off the version number of the service. Sounds like b
upvoted 2 times
...
...
nerdo9
Most Recent 1 year, 1 month ago
I still don't see how A isn't the right answer. examtopics states, C is the correct answer.
upvoted 1 times
...
yeti87
1 year, 3 months ago
Selected Answer: B
It asks for: "Which of the following methods would BEST support validation of the possible findings?" In answer A you only check the version. This doesn't mean the system is necessarily affected. Might be a CVE that depends on certain configurations within the system. If it is not configured like in the CVE the system wouldn't be affected. In answer B you check if the system is actually affected by the CVE. Therefore this best supports the findings...
upvoted 1 times
...
bieecop
1 year, 11 months ago
I think A correct
upvoted 1 times
...
Anarckii
2 years ago
Selected Answer: A
A and B are both correct, but you would want to validate the version number manually first to confirm the results and then test your findings
upvoted 1 times
...
TheITStudent
2 years, 11 months ago
Selected Answer: B
This one is TOUGH. D is out because nmap or something like it has already been run, that's where the question starts. It seems like both A and B are possible correct answers. We dont have a SOW so we don't know if the pentester is allowed to run an exploit. It could be either one. What I would do, would be manually check the version, (to verify the scanners results) THEN if needed, test with the POC. The question of the "possible presence" based on version number of the service, to BEST support VALIDATION of the possible findings." I am going with B. I hope I don't get this question on the test.
upvoted 2 times
...
tahagoksoy
3 years, 3 months ago
I think it's D since you want to eliminate false positives from an automated scanner. it's simply confirming with the nmap to see if it's matches same version or not
upvoted 2 times
some_specialist
3 years, 3 months ago
good point, and after reading my comment below again there's a typical CompTIA catch that I totally missed: "possible presence"
upvoted 1 times
...
Adonist
3 years, 3 months ago
But their vulnerability scanning tool already did the job that nmap will do. They want to make sure it's vulnerable though and not a false positive. So scanning it again won't prove that
upvoted 1 times
...
...
some_specialist
3 years, 3 months ago
Selected Answer: B
The question says "The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service." Why would you scan it again after you've already got service information from a previous scan? This is why the answer should be B
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel