CompTIA PenTest+ (PT0-001) — Question 40

A penetration tester wants to check manually if a `ghost` vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

Answer options

• A. Download the GHOST file to a Linux system and compile gcc -o GHOST test i: ./GHOST
• B. Download the GHOST file to a Windows system and compile gcc -o GHOST GHOST.c test i: ./GHOST
• C. Download the GHOST file to a Linux system and compile gcc -o GHOST GHOST.c test i: ./GHOST
• D. Download the GHOST file to a Windows system and compile gcc -o GHOST test i: ./GHOST

Correct answer: C

Explanation

The correct answer is C because it specifies downloading the GHOST file to a Linux system and compiling it correctly with the appropriate source file, GHOST.c. Options A and D incorrectly reference the compilation process or the operating system, while option B also fails by suggesting the use of Windows, where the correct validation method requires a Linux environment.