CompTIA PenTest+ (PT0-001) — Question 105

A software development team recently migrated to new application software on the on-premises environment. Penetration test findings show that multiple vulnerabilities exist. If a penetration tester does not have access to a live or test environment, a test might be better to create the same environment on the VM.
Which of the following is MOST important for confirmation?

Answer options

• A. Unsecure service and protocol configuration
• B. Running SMB and SMTP service
• C. Weak password complexity and user account
• D. Misconfiguration

Correct answer: A

Explanation

The correct answer, A, addresses the need for secure configurations of services and protocols, which is crucial for confirming vulnerabilities. While options B, C, and D are also important, they do not directly reflect the most critical aspect of validating the security posture in the context of a penetration test.