Back to CompTIA PenTest+ (PenTest+)

Vulnerability Discovery and Analysis

Conduct vulnerability scans, analyze results, and validate findings to identify and address security weaknesses (17% of exam).

Encompasses conducting authenticated and unauthenticated vulnerability scans, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Covers result analysis including validating findings, troubleshooting configurations, and identifying false positives. Includes using discovery tools like Nessus, Nikto, and OpenVAS for vulnerability identification and assessment.
5 minutes 5 Questions

In the context of the CompTIA PenTest+ certification, Vulnerability Discovery and Analysis is a pivotal domain that serves as the bridge between initial reconnaissance and active exploitation. This phase focuses on systematically identifying, validating, and prioritizing security weaknesses within …

Concepts covered: Authenticated vulnerability scans, Unauthenticated vulnerability scans, Static application security testing (SAST), Dynamic application security testing (DAST), Interactive application security testing (IAST), Software composition analysis (SCA), Credentialed vs non-credentialed scans, Scan scheduling and frequency, Vulnerability validation techniques, False positive identification, False negative awareness, Vulnerability severity ratings, CVSS scoring system, CVE database usage, Configuration troubleshooting, Scan result prioritization, Nessus vulnerability scanner, OpenVAS scanner, Nikto web scanner, Burp Suite basics, OWASP ZAP scanner, Qualys vulnerability management, Nuclei scanner

Test mode:
Start practice test
PenTest+ - Vulnerability Discovery and Analysis Example Questions

Test your knowledge of Vulnerability Discovery and Analysis

Question 1

What is the default port on which Burp Suite's proxy listener is configured to intercept HTTP and HTTPS traffic?

Correct Answer: 8080

The correct answer is 8080.

Burp Suite's proxy listener is configured by default to listen on port 8080 for intercepting both HTTP and HTTPS traffic. This is a well-established default configuration that has been consistent across Burp Suite versions. When setting up Burp Suite for the first time, users configure their browser to use 127.0.0.1:8080 (localhost on port 8080) as their proxy server, which allows Burp Suite to intercept and analyze web traffic.

This is important knowledge for the CompTIA PenTest+ exam because Burp Suite is one of the most commonly used tools for web application penetration testing, and understanding its default configuration is fundamental to using it effectively.

Why the other answers are incorrect:

Port 8443 is commonly used as an alternative HTTPS port (similar to how 8080 is an alternative HTTP port), but it is not the default port for Burp Suite's proxy listener.

Port 8888 is used by some other proxy tools and applications, but it is not Burp Suite's default configuration.

Port 9090 is sometimes used for web application servers or administrative interfaces, but it is not associated with Burp Suite's default proxy listener configuration.

Question 2

Which term describes the condition where a security tool fails to detect an actual vulnerability or threat that is present in the tested system?

Correct Answer: False negative

The correct answer is False negative.

A false negative occurs when a security tool, scanner, or testing mechanism fails to identify an actual vulnerability, threat, or malicious activity that is genuinely present in the system. This is a critical concern in penetration testing and security assessments because it creates a false sense of security—the tester or administrator believes the system is secure when it actually contains exploitable weaknesses.

In the context of CompTIA PenTest+, understanding false negatives is essential because:
- They represent missed vulnerabilities that could be exploited by attackers
- They can lead to incomplete remediation efforts
- They highlight the limitations of automated scanning tools
- They emphasize the need for manual testing and verification

Why the other answers are incorrect:

False positive is the opposite scenario—it occurs when a security tool incorrectly flags something as a vulnerability or threat when none actually exists. While annoying and time-consuming to investigate, false positives are generally less dangerous than false negatives because they don't leave actual vulnerabilities undetected.

True negative represents a correct identification where the tool accurately determines that no vulnerability or threat exists in a particular area. This is a desirable outcome and represents proper functioning of the security tool.

Baseline deviation refers to a change or variance from an established normal state or configuration. While this concept is relevant to security monitoring and anomaly detection, it doesn't specifically describe the failure to detect an existing vulnerability or threat.

Question 3

What is the maximum Base Score value possible in CVSS v3.1 when all Exploitability and Impact metrics are set to their most severe ratings?

Correct Answer: 10.0, representing a critical severity vulnerability that poses the highest risk to the affected system

The correct answer is that the maximum Base Score in CVSS v3.1 is 10.0, representing a critical severity vulnerability that poses the highest risk to the affected system.

In CVSS v3.1, the Base Score ranges from 0.0 to 10.0. When all Exploitability metrics (Attack Vector, Attack Complexity, Privileges Required, and User Interaction) and all Impact metrics (Confidentiality, Integrity, and Availability) are set to their most severe ratings, along with a Changed Scope, the maximum possible score of 10.0 is achieved.

Specifically, this occurs when:
- Attack Vector = Network (most severe)
- Attack Complexity = Low (most severe)
- Privileges Required = None (most severe)
- User Interaction = None (most severe)
- Scope = Changed (most severe)
- Confidentiality Impact = High (most severe)
- Integrity Impact = High (most severe)
- Availability Impact = High (most severe)

The other answers are incorrect for the following reasons:

The suggestion that 9.9 is the highest achievable score with unchanged scope is misleading because while it's true that unchanged scope scenarios typically score lower, the question asks for the maximum when ALL metrics are set to most severe, which includes Scope Changed, resulting in 10.0.

The claim that 10.0 only occurs with Changed Scope and at least two of three impact metrics at High is partially correct about requiring Changed Scope, but incorrect about the impact metrics requirement - achieving 10.0 actually requires all three impact metrics (CIA) to be set to High.

The assertion that 9.8 is the practical maximum and that 10.0 is reserved for theoretical scenarios is factually incorrect. CVSS v3.1 does allow real vulnerabilities to score 10.0, and many published CVEs have achieved this score. There is no distinction between 'practical' and 'theoretical' maximums in the CVSS v3.1 specification.

More Vulnerability Discovery and Analysis questions
687 questions (total)
Start 100 question test