PT0-003
Vulnerability Discovery and Analysis
medium
Question 6 of 17

A penetration tester performs an unauthenticated vulnerability scan and receives a result flagging a service as vulnerable to a known CVE. Before attempting exploitation, what step should the tester take to reduce false positives?

A. Immediately exploit the vulnerability to confirm it
B. Validate the finding by manually verifying the service version and checking if the vulnerable code path exists
C. Re-run the scan with a different scanner
D. Report the finding without further validation

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor.
