CompTIA PenTest+ (PT0-003) — Question 38

A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets' EPSS and CVSS scores, which of the following targets is the most likely to get attacked?

Answer options

• A. Target 1: EPSS Score = 0.6 and CVSS Score = 4
• B. Target 2: EPSS Score = 0.3 and CVSS Score = 2
• C. Target 3: EPSS Score = 0.6 and CVSS Score = 1
• D. Target 4: EPSS Score = 0.4 and CVSS Score = 4.5

Correct answer: A

Explanation

Target 1 has the highest EPSS score of 0.6 and a CVSS score of 4, indicating a greater likelihood of being attacked. In contrast, Target 2 has lower scores, making it less appealing to attackers, while Target 3's CVSS score of 1 suggests minimal risk. Target 4, despite a higher CVSS score of 4.5, has a lower EPSS score than Target 1, making it less likely to be targeted.