CompTIA PenTest+ PT0-001 – Question06

A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0. Which of the following levels of difficulty would be required to exploit this vulnerability?

A.
Very difficult; perimeter systems are usually behind a firewall.
B. Somewhat difficult; would require significant processing power to exploit.
C. Trivial; little effort is required to exploit this finding.
D. Impossible; external hosts are hardened to protect against attacks.

Section: (none)

Correct Answer: C
SSection: CompTIA PenTest+ Certification PT0-001
Explanation
Explanation/Reference:
Reference: https://nvd.nist.gov/vuln-metrics/cvss
QUESTION 7
A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)
A. Place an entry in HKLMSoftwareMicrosoftCurrentVersionRun to call au57d.ps1.
B. Place an entry in C:windowssystem32driversetchosts for 12.17.20.10 badcomptia.com.
C. Place a script in C:users%usernamelocalappdataroamingtempau57d.ps1.
D. Create a fake service in Windows called RTAudio to execute manually.
E. Place an entry for RTAudio in HKLMCurrentControlSetServicesRTAudio.
F. Create a schedule task to call C:windowssystem32driversetchosts.
Correct Answer: AC