GIAC Penetration Tester (GPEN) — Question 69
You have been contracted to penetration test an e-mail server for a client that wants to know for sure if the sendmail service is vulnerable to any known attacks.
You have permission to run any type of test. How will you proceed to give the client the most valid answer?
Answer options
- A. Run all known sendmail exploits against the server and see if you can compromise the service, even if it crashed the machine or service
- B. Run a banner grabbing vulnerability checker to determine the sendmail version and patch level, then look up and report all the vulnerabilities that exist for that version and patch level
- C. Run all sendmail exploits that will not crash the server and see if you can compromise the service
- D. Log into the e-mail and determine the sendmail version and patch level, then look up and report all the vulnerabilities that exist for that version and patch level
Correct answer: C
Explanation
The correct answer is C because it balances the need to test for vulnerabilities without causing service disruptions. Option A is risky as it could crash the server, which is not acceptable in a professional test. Option B, while thorough, does not actively test for vulnerabilities and only relies on research. Option D also focuses on research rather than active exploitation, which does not fulfill the client's request for a penetration test.