CompTIA PenTest+ (PT0-002) — Question 102
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.
Which of the following is the BEST way to ensure this is a true positive?
Answer options
- A. Run another scanner to compare.
- B. Perform a manual test on the server.
- C. Check the results on the scanner.
- D. Look for the vulnerability online.
Correct answer: B
Explanation
Performing a manual test on the server (option B) is the most reliable way to verify that the vulnerability exists, because the tester assesses the target directly instead of relying on automated tool output. Running another scanner (option A) might yield similar results but doesn't guarantee accuracy, while checking the results on the scanner (option C) merely reviews the findings without additional validation. Looking for the vulnerability online (option D) can provide information about it but does not confirm its presence on the specific server.