ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-001 All Questions

View all questions & answers for the PT0-001 exam
Go to Exam

Exam PT0-001 topic 1 question 130 discussion

Actual exam question from CompTIA's PT0-001
Question #: 130
Topic #: 1
[All PT0-001 Questions]

A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?

  • A. Exploits for vulnerabilities found
  • B. Detailed service configurations
  • C. Unpatched third-party software
  • D. Weak access control configurations
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by novac1111 at Oct. 25, 2020, 12:22 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
novac1111
Highly Voted 4 years, 6 months ago
Answer B. Remember that a credentialed scan allow you to check configuration of the system in order to validate certain vulnerabilities findings.
upvoted 15 times
someguy1393
4 years, 4 months ago
I agree, B makes the most sense to me.
upvoted 3 times
who__cares123456789___
4 years, 3 months ago
however, most of the time it is best to run a credentialed scan against a target to get a full picture of the attack surface. An authenticated scan requires you to provide the scanner with a set of credentials that have root-level access to the system. The reason for this is that the scanner actually logs in to the target via SSH or some other mechanism. It then runs commands like netstat to gather information from inside the host. Many of the commands that the scanner runs require root-level access to be able to gather the correct information from the system. Figure 3-41 shows the netstat command run by a non-privileged user and then run again by a root user. You can see that the output is different for the different user-level permissions. Specifically, notice that when running as the user ron, the PID/Program name is not available, and when running as the user root, that information is displayed.
upvoted 1 times
...
...
...
kloug
Most Recent 2 years, 2 months ago
bbbbbbbbb
upvoted 1 times
...
miabe
2 years, 9 months ago
Selected Answer: B
looks good to me
upvoted 1 times
...
cuernov
3 years ago
Selected Answer: B
Answer is B
upvoted 1 times
...
baybay
3 years, 1 month ago
Selected Answer: B
The authenticated scans provide more details so I'd say B
upvoted 1 times
...
Joker20
3 years, 10 months ago
Answer B Pentest just exploit not vulnerability scanner
upvoted 1 times
...
ade2901296
4 years ago
Answer A. Credentialed Scanning - Delegate (and revoke) credentials appropriately. Credentialed scanning entails conducting a vulnerability assessment... Debunk the bandwidth myth. By virtue of its increased access, credentialed scanning's effectiveness in discovering...
upvoted 2 times
...
boyladdudeman
4 years, 1 month ago
B is the correct answer, credential scans give you the most insight to configs
upvoted 2 times
...
kollie
4 years, 4 months ago
A: Credential-based vulnerability assessment, which make use of the admin account, do a more thorough check by looking for problems that cannot be seen from the network.
upvoted 2 times
TheThreatGuy
4 years, 3 months ago
I do not believe you are looking at this correctly.... A credentialed scan provides exploits and a non-credentialed scan does not? Thats a negative.... Credentialed scan will give better insight into configurations due to increased privilege.
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago