CompTIA PenTest+ (PT1-002) — Question 51
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
- Have a full TCP connection
- Send a `hello` payload
- Wait for a response
- Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
Answer options
- A. Run `nmap -Pn -sV --script vuln <IP address>`.
- B. Employ an OpenVAS simple scan against the TCP port of the host.
- C. Create a script in the Lua language and use it with NSE.
- D. Perform a credentialed scan with Nessus.
Correct answer: C
Explanation
The correct answer is C. Writing a custom script in Lua and running it through the Nmap Scripting Engine (NSE) gives the tester the control the requirements demand: the script can establish a full TCP connection, send the `hello` payload, wait for the service's response, and then send a string longer than 16 bytes, and Nmap will repeat that sequence across all 100+ hosts automatically. Option A runs only Nmap's existing `vuln` category scripts, and option B runs OpenVAS's predefined checks; neither lets the tester define this specific multi-step exchange. Option D is unnecessary because a credentialed Nessus scan authenticates to the host to inspect its configuration, which is not needed when probing an unauthenticated network service.