Exam PT0-002 topic 1 question 18 discussion

Actual exam question from CompTIA's PT0-002
Question #: 18
Topic #: 1

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?

  • A. Uncover potential criminal activity based on the evidence gathered.
  • B. Identify all the vulnerabilities in the environment.
  • C. Limit invasiveness based on scope.
  • D. Maintain confidentiality of the findings.
Suggested Answer: B

Comments

masso435
Highly Voted 2 years, 5 months ago
Selected Answer: C
I think the wording is tricky. Yes both applications scan for vulnerabilities but not all vulnerabilities. This indicates it will find vulnerability outside of WordPress and SQL based on the wording alone.
upvoted 11 times
yeahnodontthinkso
4 days, 19 hours ago
So then your answer is B not C. The tester found open ports in the web server and DB, so they're further enumerating those services based on that. They're not purposefully limiting the scope, that's just the leads they got which they are following to try to find vulnerabilities. The answer is B.
upvoted 1 times
shakevia463
2 years, 2 months ago
Doesn't mean he's not attempting to find all vulnerabilities.... he is trying to find them.
upvoted 5 times
dcyberguy
Highly Voted 2 years, 5 months ago
Selected Answer: B
Identifying Vulnerabilities should be the clear choice
upvoted 9 times
BlackSkullz
Most Recent 5 months, 2 weeks ago
Selected Answer: B
I can see both B & C being correct but I give the edge to B. While it is entirely possible he's limiting invasiveness based on the scope by just using tools tailored to the web server and database, the scope is never mentioned and there's no way we could possibly know the parameters of that scope. What we do know is that he's using SQLmap and WPScan, which would identify all the vulnerabilities in the environment mentioned above (Web server and database)
upvoted 2 times
cy_analyst
7 months, 1 week ago
Selected Answer: B
The penetration tester is using WPScan and SQLmap to identify vulnerabilities and gather additional information about the web servers and databases. WPScan is a tool used specifically for scanning WordPress installations for vulnerabilities, while SQLmap is a tool for identifying SQL injection vulnerabilities in web applications. By running these tools against the open ports discovered by Nmap, the penetration tester can gather more information about the systems and potentially identify vulnerabilities that can be exploited.
upvoted 5 times
solutionz
7 months, 1 week ago
Selected Answer: B
WPScan and SQLmap are tools used for scanning WordPress sites and SQL databases for vulnerabilities, respectively. By running these tools, a penetration tester is actively looking for vulnerabilities in web servers (with WPScan) and databases (with SQLmap). The intention behind this action aligns with the option to identify weaknesses and vulnerabilities within those specific systems, rather than a broader or more general assessment of the environment. Therefore, the correct answer to this question is: B. Identify all the vulnerabilities in the environment.
upvoted 1 times
Etc_Shadow28000
7 months, 1 week ago
Selected Answer: B
The penetration tester is trying to: B. Identify all the vulnerabilities in the environment. configurations that could be exploited for criminal activity, the primary goal of using WPScan and SQLmap is to find and identify vulnerabilities, not necessarily to uncover criminal activity. C. Limit invasiveness based on scope: • Running vulnerability scanning tools like WPScan and SQLmap might be part of the scope, but these tools can be invasive. The intent behind using these tools is to discover vulnerabilities, not necessarily to limit invasiveness.
upvoted 1 times
pizzaThyme
7 months, 1 week ago
Selected Answer: B
I leaned toward B when I first read this but MAN I hate the way they word stuff like this. I hope I don't see this during my exam. Never have I seen so many professionals polarized on some of these questions before as I have with PT0-002.
upvoted 1 times
MeisAdriano
7 months, 1 week ago
Selected Answer: B
WPScan is used for WordPress vulnerability; SQLmap is used to find SQL injection vulnerability. If the pentester already found opened doors with nmap, WPScan and SQLmap is just to complete ALL potential vulnerabilities. Not C, because WPScan and SQLmap are not specified to limit invasiveness, they just find vulnerability in a specific purpose.
upvoted 1 times
djash22
9 months, 3 weeks ago
However, considering the specificity of the tools (WPScan for WordPress vulnerabilities and SQLmap for SQL injection vulnerabilities), it would be more accurate to say the tester aims to identify specific vulnerabilities in the web servers and databases, but within the broader context, identifying vulnerabilities aligns with option B the closest.
upvoted 1 times
BirdLawyer
11 months, 1 week ago
Selected Answer: C
I originally thought it was B but it seems to be that they included the nmap scan showing the specific port categories that were open as well as the word scope in the answer C. My logic is that the tester identified the scope using nmap and once he did that he then is limiting the testing to those specific ports in question thereby limiting the invasiveness of the testing overall and adhering to the scope.
upvoted 2 times
Bluedegard
1 year ago
Selected Answer: B
I don't think using WPscan and SQLmap will reduce invasiveness
upvoted 1 times
NickyCEE
1 year, 1 month ago
Selected Answer: B
The answer is definitely B, y'all. The pentester scanned the WHOLE system and only found open WEB and DATABASE ports. Now the tester is using specific tools to exploit those services. Had the tester found other open services they would use more tools. So they aren't limiting invasiveness, they are exploiting everything that is POSSIBLE.
upvoted 1 times
deeden
1 year, 1 month ago
Selected Answer: C
Agree with C. Trying to identify all vulnerabilities would probably include DoS and Buffer Overflows which can be invasive and will probably need scanner other than WPScan and SQLmap
upvoted 1 times
Yokota
1 year, 3 months ago
Selected Answer: C
The penetration tester uses these tools to find vulnerabilities within the defined scope, which might cover WordPress and SQL vulnerabilities, while making sure not to exceed the permitted testing boundaries
upvoted 3 times
me39
1 year, 4 months ago
The correct answer is B. "C. Limit invasiveness based on scope" adds new information that is not contained in the question. Would you choose C if it said, "C. Limit invasiveness to reduce interference with end of year reports"?
upvoted 2 times
KeToopStudy
1 year, 4 months ago
Selected Answer: B
So considering the fact that the nmap showed open ports only on web server and databases we can safely assume that there are no other ports open. So the use of WPScan and SQL injection leads me to believe that the pentester is going for discovery of all vulnerabilities. B should be the right answer
upvoted 1 times
Skater_Grace
1 year, 6 months ago
Selected Answer: B
I think it's B, as tester wants to reveal more vulnerabilities. Invasion will come after exploitation.
upvoted 1 times