CompTIA PenTest+ (PT0-001) — Question 155

A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of the following is the BEST method for a tester to confirm the vulnerability exists?

Answer options

• A. Manually run publicly available exploit code.
• B. Confirm via evidence of the updated version number.
• C. Run the vulnerability scanner again.
• D. Perform dynamic analysis on the vulnerable service.

Correct answer: C

Explanation

Re-running the vulnerability scanner (option C) is the best approach as it can provide updated results and confirm whether the reported vulnerability still exists after the claimed patch. Manually running exploit code (option A) is risky and not the most reliable method, while confirming the version number (option B) may not directly indicate the presence of the vulnerability. Dynamic analysis (option D) could be useful, but it is more complex and may not definitively prove the vulnerability without prior scanner results.