Exam PT0-002 topic 1 question 44 discussion

A. Exploiting a configuration weakness in the SQL database It would be ethical within the scope of the assessment for the penetration testers to exploit a configuration weakness in the SQL database. The objective of the assessment is to gain access to the human resources server that houses PII and salary data, and exploiting a configuration weakness in the database is an appropriate action to take in order to achieve that objective.

The ethical action within the scope of the assessment would be exploiting a configuration weakness in the SQL database. By exploiting a configuration weakness in the SQL database, the penetration testers can gain access to the data without introducing malicious tactics or software into the environment. Additionally, this type of attack is an example of application-layer attack and does not involve physical compromise.

In the context of a scoped insider-threat assessment, the ethical action would be A. Exploiting a configuration weakness in the SQL database is a common and accepted method in penetration testing to identify vulnerabilities and assess the security posture of the system. It falls within the scope of testing for weaknesses and does not involve introducing malicious software or compromising the integrity of the network. The other options involve actions that are generally considered unethical or outside the scope of a typical penetration test:

I agree with option A, it's more sensible and closer to the question. B. not sure how intercepting outbound traffic can give access to server, unless it's an authentication packet but will not do any good because TLS encrypted (not in plain text) C. using malware is unethical and maybe disruptive D. client certificate could work for authentication but it doesn't say internal CA is in or out of scope E. this is more likely if you're simulating an APT but out of the question

" internal network starting position" Answer is B....remember, CompTIA likes to confuse

It's B,because CompTia is all about "doing no harm", which in this case, an SQL injection has 'potential' for harm, even though in the real world, you're just looking to get it to spit out data.. anyways, the TLS answer, is the only passive answer on here, (despite being a waste of time)

Listen to the god, It's B.

In the context of a penetration test, the ethical actions are those that fall within the scope and rules of engagement agreed upon with the client. Since the scenario describes that the assessment is scoped to try to gain access to the human resources server housing PII and salary data, the actions that are relevant to this goal and don't unnecessarily escalate privileges or create undue risks would be considered ethical. From the given options: A. Exploiting a configuration weakness in the SQL database - This option aligns with the goal of trying to gain access to the specific server mentioned in the scenario. Since SQL databases might be involved in storing PII and salary data, exploiting a configuration weakness in the SQL database could be within the scope of the assessment.

In the context of a penetration test, the ethical actions are those that fall within the scope and rules of engagement agreed upon with the client. Since the scenario describes that the assessment is scoped to try to gain access to the human resources server housing PII and salary data, the actions that are relevant to this goal and don't unnecessarily escalate privileges or create undue risks would be considered ethical. From the given options: A. Exploiting a configuration weakness in the SQL database - This option aligns with the goal of trying to gain access to the specific server mentioned in the scenario. Since SQL databases might be involved in storing PII and salary data, exploiting a configuration weakness in the SQL database could be within the scope of the assessment.

Intercepting outbound TLS traffic can be considered ethical within the scope of the assessment. By intercepting outbound TLS traffic, the penetration testers can analyze and monitor network communication to identify any potential data leakage or unauthorized access attempts. This activity aligns with the objective of assessing insider threats and protecting sensitive data.

None of the options listed would be ethical within the scope of the assessment. The objective of the assessment is to identify potential insider threats, not to compromise systems or steal data. The actions described in options A, C, D, and E go beyond the scope of the assessment and could cause significant harm to the organization. Intercepting outbound TLS traffic, as described in option B, may be within scope if it is done in a controlled manner and with the organization's permission, but it should be carefully considered and documented beforehand. The focus of the assessment should be on identifying vulnerabilities and weaknesses in the organization's security controls related to insider threats, not on actively exploiting them.

Should be A

Definitely A. Why would you need to capture outbound traffic from an insider threat POV targeting an internal server? Gaining access to hosts by injecting malware [That seems ok] into the enterprise-wide update server. Wait What?! 0_o You're out of scope! You're going to pwn the entire network. Don't touch the CA. Enough said. No need to mess with the DC if you have been given an internal network starting position.

Question is asking on data, so the answer is A.

I think it's answer A