CompTIA PenTest+ (PT0-001) — Question 57
A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding. Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?
Answer options
- A. Ensure the scanner can make outbound DNS requests.
- B. Ensure the scanner is configured to perform ARP resolution.
- C. Ensure the scanner is configured to analyze IP hosts.
- D. Ensure the scanner has the proper plug-ins loaded.
Correct answer: A
Explanation
The correct answer is A because making outbound DNS requests allows the scanner to verify the hostname associated with the SSL certificate directly. Options B, C, and D do not directly address the validation of the SSL certificate against the hostname, making them less relevant for this specific issue.