PT0-003 · Question #161
Question
A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:

- Server-side request forgery vulnerability in test.comptia.org
- Reflected cross-site scripting vulnerability in test2.comptia.org
- Publicly accessible storage system named static_comptia_assets
- SSH port 22 open to the internet on test3.comptia.org
- Open redirect vulnerability in test4.comptia.org

Which of the following attack paths should the tester prioritize first?
Options
- A. Synchronize all the information from the public bucket and scan it with Trufflehog.
- B. Run Pacu to enumerate permissions and roles within the cloud-based systems.
- C. Perform a full dictionary brute-force attack against the open SSH service using Hydra.
- D. Use the reflected cross-site scripting attack within a phishing campaign to attack administrators.
- E. Leverage the SSRF to gain access to credentials from the metadata service.