Multiple Choice
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?
A) Manually check the version number of the VoIP service against the CVE release
B) Test with proof-of-concept code from an exploit database
C) Review SIP traffic from an on-path position to look for indicators of compromise
D) Utilize an nmap -sV scan against the service Utilize an nmap -sV scan against the service
Correct Answer:
Verified
Correct Answer:
Verified
Q46: A penetration tester logs in as a
Q47: During a penetration-testing engagement, a consultant performs
Q48: A penetration tester was able to gain
Q49: A penetration tester discovered a vulnerability that
Q50: A penetration tester is exploring a client's
Q52: A new security firm is onboarding its
Q53: A penetration tester conducted a vulnerability scan
Q54: A large client wants a penetration tester
Q55: A penetration tester wants to identify CVEs
Q56: The results of an Nmap scan are