CompTIA PenTest+ (PT0-003) — Question 69

During a security audit, a penetration tester wants to exploit a vulnerability in a common network protocol. The protocol allows encrypted communications to be intercepted and manipulated. Which of the following vulnerabilities should the tester exploit?

Answer options

• A. CVE-202W-ZZZZ: Cisco ASA IKEv2/IPSec Fragmentation Vulnerability
• B. CVE-202Y-XXXX: Wireshark SSL/TLS Decryption Vulnerability
• C. CVE-202X-YYYY: OpenSSL DROWN Attack
• D. CVE-202Z-WWWW: Microsoft SMBv1 EternalBlue Exploit

Correct answer: C

Explanation

The correct answer is C, CVE-202X-YYYY: OpenSSL DROWN Attack, as it specifically targets vulnerabilities in the SSL/TLS protocols, allowing encrypted communications to be decrypted and manipulated. Options A and D pertain to different protocols and exploits that do not focus on SSL/TLS vulnerabilities, while option B involves a specific tool and not a direct exploit of a protocol vulnerability.