CompTIA
PT0-001 · Question #80
PT0-001 Question #80: Real Exam Question with Answer & Explanation
The correct answer is A: Unsecure service and protocol configuration. When replicating a vulnerable application environment in a VM for penetration testing, confirming that unsecure service and protocol configurations are accurately reproduced is the most critical step.
Vulnerability discovery and analysis
Question
A software development team recently migrated to new application software in the on-premises environment. Penetration test findings show that multiple vulnerabilities exist. If a penetration tester does not have access to a live or test environment, it might be better to create the same environment on a VM. Which of the following is MOST important for confirmation?
Options
- A. Unsecure service and protocol configuration
- B. Running SMB and SMTP service
- C. Weak password complexity and user account
- D. Misconfiguration
Explanation
When replicating a vulnerable application environment in a VM for penetration testing, confirming that unsecure service and protocol configurations are accurately reproduced is the most critical step.
Common mistakes.
- B. Verifying that services like SMB and SMTP are running is relevant but insufficient - confirming they are configured insecurely as found in the original findings is what enables meaningful vulnerability reproduction.
- C. Weak password complexity is a contributing factor but is a narrower subset of the overall insecure configuration problem and does not address service-level vulnerability replication.
- D. Misconfiguration is too broad and non-specific to serve as a precise confirmation step compared to explicitly verifying unsecure service and protocol configurations.
Concept tested. Replicating vulnerable service configurations in an isolated VM
Topics
#test environment #VM replication #service configuration #vulnerability confirmation