A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?
The answer should be D; you would need to have a credentialed scan in order to check the applications installed and patch levels on baselined systems.
It will depend on the type of pentest. If it was a white box, it will most definitely be D. Nevertheless, this type of tricky question does not specify, and as a pentester you might not get credentials, making A the right answer.
Hey,
SYBEX | PenTest+ Practice Test | Chapter 2 | Information Gathering and Vulnerability Identification | Question 147
Book says "Discovery scan"
It's A
maybe D is correct.
But I need to pass the exam.
So, should I choose A?
OMG.
I checked the Official Study Guide (Topic 4A). It said:
Types of scans:
• Discovery scan
• Full scan
• Stealth scan
• Compliance scan
SO. I choose A. For the exam!....
D. Credentialed scans are ideal for compliance-based audits of system settings such as password policies, local group membership, and local file permissions.
I feel like it would be D, as why would a company run black box tests for compliance of its software? It makes more sense to give it a white box environment, which would make D suitable.
Since there is a lack of info given, I can only assume the best answer is the one that is going to provide us the most accurate return. Thus I would choose credentialed scan.
The answer says A, but to get a patch posture of an asset would require a credentialed scan. I think the tricky part here is the words "penetration tester"; that is why A, which is discovery scan, is considered here as correct, as it equates this as a reconnaissance from the tester. If this was a CySA+ exam, possibly D is the correct one, no doubt. Hmm..
A penetration tester is performing a remote scan to determine if the server farm ("server farm") A server farm or server cluster is a collection of computer servers
Not sure if the tester would need to go that deep just to verify compliance with the company's software baseline or you must run a full scan in order to have all possible details about the vulnerabilities from each server.
PenTest+ Practice Tests Book
A. - A discovery scan identifies the operating systems that are running on a network, maps those systems to IP addresses, and enumerates the open ports and services on those systems. Discovery scans provide penetration testers with an automated way to identify hosts that exist on the network and build an asset inventory.
Another tricky one. The best answer should be a non-existing Compliance Scan as per Sybex's own definition:
Compliance scanning focuses on the configuration settings or the security
hardening that is being applied to a system. When a compliance scan is performed
against a single computing system, it produces a report that defines how well the
system is hardened against the selected compliance framework. Compliance scans
are not designed to locate vulnerabilities in software applications or operating
systems but are designed to locate and assess vulnerabilities in system hardening
configurations. In this scenario, since you are seeing more assets on the network
than what was provided in the network architecture, you can attribute that to having
limited network access or storage access.
But since they didn't want to make it too obvious, I would go for D too as it's the only vulnerability scan type from the options.
https://security.berkeley.edu/faq/nessus-network-vulnerability-scanning/how-do-i-run-credentialed-nessus-scan-windows-computer
I think the book is wrong; a Discovery Scan identifies hosts.
I think Credentialed Scan but also could be Full scan.
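Added example, not part of the original thread: a minimal Python sketch of the difference the comments argue over, comparing what a discovery scan and a credentialed scan can each say about a software baseline. The host name, packages, versions and port mapping are constructed sample data, and versions are assumed to be plain dotted numbers.

```python
# Added example; host names, packages and versions are constructed sample data.
# Baseline: package -> (minimum version, TCP port it listens on, or None).
BASELINE = {
    "openssh-server": ("8.9", 22),
    "nginx": ("1.24.0", 443),
    "openssl": ("3.0.13", None),
    "auditd": ("3.0.7", None),
}
# Discovery scan result for one host: open TCP ports only.
DISCOVERY = {"web01": [22, 443]}
# Credentialed scan result: "name version" lines read from the package manager.
INVENTORY = {"web01": "openssh-server 8.9\nnginx 1.24.0\nopenssl 3.0.11\ntelnetd 0.17\n"}


def vtuple(version):
    """Turn a dotted numeric version such as '3.0.13' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def parse_inventory(text):
    """Parse 'name version' lines into a dict, skipping malformed lines."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2}


def discovery_view(open_ports, baseline):
    """Split baseline items into those a port scan can hint at and those it cannot see."""
    view = {"presence_only": [], "invisible": []}
    for name, (_, port) in sorted(baseline.items()):
        key = "presence_only" if port in open_ports else "invisible"
        view[key].append(name)
    return view


def check_baseline(installed, baseline):
    """Compare an installed-package dict with the baseline and return findings."""
    findings = {"missing": [], "outdated": [], "unapproved": []}
    for name, (minimum, _) in sorted(baseline.items()):
        if name not in installed:
            findings["missing"].append(name)
        elif vtuple(installed[name]) < vtuple(minimum):
            findings["outdated"].append((name, installed[name], minimum))
    findings["unapproved"] = sorted(set(installed) - set(baseline))
    return findings


if __name__ == "__main__":
    for host in INVENTORY:
        print(host, "discovery:", discovery_view(DISCOVERY[host], BASELINE))
        print(host, "credentialed:", check_baseline(parse_inventory(INVENTORY[host]), BASELINE))
```

The discovery view can only suggest that a listening service is present; the outdated library, the missing audit daemon and the unapproved package show up only in the credentialed inventory.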