nerdexam
GIAC

GCIH · Question #512

What is a penetration tester likely to be looking to accomplish with the following screen?

The correct answer is A. Find versions of software with known vulnerabilities. The FOCA metadata analysis finds the versions of software documents were created with and if there are versions with known vulnerabilities, it represents a potential avenue of access, unless it's been updated since the document was posted.

Reconnaissance, Scanning, and Enumeration

Question

What is a penetration tester likely to be looking to accomplish with the following screen?

Exhibit

GCIH question #512 exhibit

Options

  • AFind versions of software with known vulnerabilities
  • BFind clients on the network for exploitation
  • CFind software with expired licenses
  • DLook for operating systems with known vulnerabilities

How the community answered

(39 responses)
  • A
    90% (35)
  • B
    3% (1)
  • C
    5% (2)
  • D
    3% (1)

Explanation

The FOCA metadata analysis finds the versions of software documents were created with and if there are versions with known vulnerabilities, it represents a potential avenue of access, unless it's been updated since the document was posted.

Topics

#version scanning#service enumeration#vulnerability identification#penetration testing

Community Discussion

No community discussion yet for this question.

Full GCIH Practice