CompTIA Exam PT0-003 Topic 4 Question 1 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 1
Topic #: 4

A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information:

| # | Server | High-severity vulnerabilities |
|---|--------|-------------------------------|
| 1 | Development sandbox server | 32 |
| 2 | Back office file transfer server | 51 |
| 3 | Perimeter network web server | 14 |
| 4 | Developer QA server | 92 |

The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?

Suggested Answer: C

Client Concern:

Availability: The client is specifically concerned about the availability of their consumer-facing production application. Ensuring this application is secure and available is crucial to the business.

Server Analysis:

Server 1 (Development sandbox server): Typically not a production server; vulnerabilities here are less likely to impact the consumer-facing application.

Server 2 (Back office file transfer server): Important but generally more internal-facing and less likely to directly affect the consumer-facing application.

Server 3 (Perimeter network web server): Likely hosts the consumer-facing application or critical services related to it. High-severity vulnerabilities here could directly impact availability.

Server 4 (Developer QA server): Similar to Server 1, more likely to be used for testing rather than production, making it less critical for immediate manual testing.

Pentest Reference:

Risk Prioritization: Focus on assets that have the most significant impact on business operations, especially those directly facing consumers.

Critical Infrastructure: Ensure the security and availability of web servers exposed to the internet, as they are prime targets for attacks.

By selecting Server 3 (the perimeter network web server) for additional manual testing, the penetration tester addresses the client's primary concern about the availability and security of the consumer-facing production application.


Contribute your Thoughts:

Anjelica
3 months ago
I see your point, Lili. Server 4 does have the highest severity vulnerabilities, so it might be the best choice for manual testing.
upvoted 0 times
...
Lili
4 months ago
I disagree, I believe Server 4 should be selected for manual testing as it has the highest severity vulnerabilities.
upvoted 0 times
...
Reuben
4 months ago
I agree with Darnell, Server 2 seems like a critical host to focus on.
upvoted 0 times
...
Rebbecca
4 months ago
Server 1 with only 32 high-severity vulnerabilities? Piece of cake! The penetration tester should focus on the more critical hosts, like the Perimeter network web server (Server 3).
upvoted 0 times
...
Darnell
4 months ago
I think we should select Server 2 for additional manual testing.
upvoted 0 times
...
Tammi
4 months ago
Haha, good luck to the penetration tester trying to figure out what's going on with that Back office file transfer server (Server 2). 51 high-severity vulnerabilities? That's a real mess!
upvoted 0 times
...
Marlon
4 months ago
Hmm, 92 high-severity vulnerabilities on the Developer QA server (Server 4)? Yikes, that's a lot! I'd definitely prioritize that one for further testing.
upvoted 0 times
Elenor
2 months ago
Let's make sure to focus on Server 4 to ensure the consumer-facing application is secure.
upvoted 0 times
...
Lino
2 months ago
Agreed, it's a critical server that needs attention.
upvoted 0 times
...
Lashaun
2 months ago
Definitely, we should prioritize that one for further testing.
upvoted 0 times
...
Essie
3 months ago
Wow, 92 vulnerabilities on Server 4 is a lot!
upvoted 0 times
...
...
Bobbye
4 months ago
The client is concerned about the availability of its consumer-facing production application, so the penetration tester should focus on the Perimeter network web server (Server 3). That's the most critical host in this scenario.
upvoted 0 times
Anabel
3 months ago
I think Server 3 is the best choice for manual testing to address the client's concerns.
upvoted 0 times
...
Alysa
4 months ago
Agreed, Server 3 is the most critical host for the consumer-facing production application.
upvoted 0 times
...
Cory
4 months ago
Let's focus on the Perimeter network web server (Server 3) for manual testing.
upvoted 0 times
...
Carey
4 months ago
Agreed, Server 3 is the most critical host for the consumer-facing production application.
upvoted 0 times
...
Blondell
4 months ago
Let's focus on Server 3, the Perimeter network web server, for additional manual testing.
upvoted 0 times
...
...
