Exam PT0-003 Topic 1 Question 91 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 91
Topic #: 1
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service.
Which of the following methods would BEST support validation of the possible findings?

Suggested Answer: B Vote an answer

Testing with proof-of-concept code from an exploit database is the best method to support validation of the possible findings, as it will demonstrate whether the CVEs are actually exploitable on the target VoIP call manager. Proof-of-concept code is a piece of software or script that shows how an attacker can exploit a vulnerability in a system or application. An exploit database is a repository of publicly available exploits, such as Exploit Database or Metasploit.
Reference: https://dokumen.pub/hacking-exposed-unified-communications-amp-voip-security-secrets-amp- solutions-2nd-edition-9780071798778-0071798773-9780071798761-0071798765.html

by Beck at Sep 10, 2024, 09:05 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10