Welcome to Pass4Success


CompTIA PT0-003 Exam - Topic 4 Question 1 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 1
Topic #: 4

A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information:

Server | High-severity vulnerabilities
1. Development sandbox server | 32
2. Back office file transfer server | 51
3. Perimeter network web server | 14
4. Developer QA server | 92

The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing?

Suggested Answer: C

Client Concern:

Availability: The client is specifically concerned about the availability of their consumer-facing production application. Ensuring this application is secure and available is crucial to the business.

Server Analysis:

Server 1 (Development sandbox server): Typically not a production server; vulnerabilities here are less likely to impact the consumer-facing application.

Server 2 (Back office file transfer server): Important but generally more internal-facing and less likely to directly affect the consumer-facing application.

Server 3 (Perimeter network web server): Likely hosts the consumer-facing application or critical services related to it. High-severity vulnerabilities here could directly impact availability.

Server 4 (Developer QA server): Similar to Server 1, more likely to be used for testing rather than production, making it less critical for immediate manual testing.

Pentest Reference:

Risk Prioritization: Focus on assets that have the most significant impact on business operations, especially those directly facing consumers.

Critical Infrastructure: Ensure the security and availability of web servers exposed to the internet, as they are prime targets for attacks.

By selecting Server 3 (the perimeter network web server) for additional manual testing, the penetration tester addresses the client's primary concern about the availability and security of the consumer-facing production application.


Contribute your Thoughts:

Marjory
3 months ago
92 vulnerabilities on Server 4? That sounds too high to be true.
upvoted 0 times
...
Nichelle
3 months ago
Wait, why not focus on Server 1? It has a lot of issues too!
upvoted 0 times
...
Kenneth
3 months ago
Agree, Server 2 seems like a bigger risk for production.
upvoted 0 times
...
Shawnda
4 months ago
I think Server 2 is more critical since it handles file transfers.
upvoted 0 times
...
Elroy
4 months ago
Server 4 has the highest vulnerabilities, definitely needs more testing.
upvoted 0 times
...
Georgene
4 months ago
I think I’d lean towards the back office file transfer server because it could impact data integrity, but I’m not completely confident about that choice.
upvoted 0 times
...
Keva
4 months ago
I practiced a similar question where we had to choose between different servers based on their criticality. I feel like the development servers might not be as urgent as the production ones.
upvoted 0 times
...
Kristeen
4 months ago
I’m not entirely sure, but I think the perimeter network web server might be the best choice since it interacts directly with external users.
upvoted 0 times
...
Lashonda
5 months ago
I remember we discussed prioritizing servers based on their role and the severity of vulnerabilities. The production-facing ones should be prioritized, right?
upvoted 0 times
...
Quentin
5 months ago
The question is a bit tricky. It's not clear which server hosts the production application, but the number of vulnerabilities is a good clue. I'll go with the server that has the most high-severity vulnerabilities, which is the developer QA server.
upvoted 0 times
...
Wava
5 months ago
Okay, I think I've got it. The client is concerned about the consumer-facing production application, so I should select the server that's closest to the end-users, which would be the perimeter network web server.
upvoted 0 times
...
Noah
5 months ago
This question seems straightforward. I'll focus on the servers with the highest number of high-severity vulnerabilities since the client is concerned about application availability.
upvoted 0 times
...
Merri
5 months ago
Hmm, I'm not sure which server to choose. The question mentions the client's concern about the production application, but it doesn't specify which server hosts that application. I'll need to think this through carefully.
upvoted 0 times
...
Stanford
5 months ago
Hmm, I'm not totally sure about this. I'll have to weigh the pros and cons of the different options to figure out the best answer.
upvoted 0 times
...
Anjelica
2 years ago
I see your point, Lili. Server 4 does have the highest severity vulnerabilities, so it might be the best choice for manual testing.
upvoted 0 times
...
Lili
2 years ago
I disagree, I believe Server 4 should be selected for manual testing as it has the highest severity vulnerabilities.
upvoted 0 times
...
Reuben
2 years ago
I agree with Darnell, Server 2 seems like a critical host to focus on.
upvoted 0 times
...
Rebbecca
2 years ago
Server 1 with only 32 high-severity vulnerabilities? Piece of cake! The penetration tester should focus on the more critical hosts, like the Perimeter network web server (Server 3).
upvoted 0 times
...
Darnell
2 years ago
I think we should select Server 2 for additional manual testing.
upvoted 0 times
...
Tammi
2 years ago
Haha, good luck to the penetration tester trying to figure out what's going on with that Back office file transfer server (Server 2). 51 high-severity vulnerabilities? That's a real mess!
upvoted 0 times
...
Marlon
2 years ago
Hmm, 92 high-severity vulnerabilities on the Developer QA server (Server 4)? Yikes, that's a lot! I'd definitely prioritize that one for further testing.
upvoted 0 times
Elenor
1 year ago
Let's make sure to focus on Server 4 to ensure the consumer-facing application is secure.
upvoted 0 times
...
Lino
1 year ago
Agreed, it's a critical server that needs attention.
upvoted 0 times
...
Lashaun
1 year ago
Definitely, we should prioritize that one for further testing.
upvoted 0 times
...
Essie
1 year ago
Wow, 92 vulnerabilities on Server 4 is a lot!
upvoted 0 times
...
...
Bobbye
2 years ago
The client is concerned about the availability of its consumer-facing production application, so the penetration tester should focus on the Perimeter network web server (Server 3). That's the most critical host in this scenario.
upvoted 0 times
Anabel
1 year ago
I think Server 3 is the best choice for manual testing to address the client's concerns.
upvoted 0 times
...
Alysa
2 years ago
Agreed, Server 3 is the most critical host for the consumer-facing production application.
upvoted 0 times
...
Cory
2 years ago
Let's focus on the Perimeter network web server (Server 3) for manual testing.
upvoted 0 times
...
Carey
2 years ago
Agreed, Server 3 is the most critical host for the consumer-facing production application.
upvoted 0 times
...
Blondell
2 years ago
Let's focus on Server 3, the Perimeter network web server, for additional manual testing.
upvoted 0 times
...
...
