Exam PT0-002
Question 173

A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

Correct Answer: A

To validate the presence of newly released CVEs in a VoIP call manager, the best approach is to manually check the version number of the VoIP service against the CVE release. This method directly verifies whether the specific version being used is affected by the newly identified vulnerabilities. It is a precise and reliable approach that avoids unnecessary risks or disruptions.
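The version-against-advisory check described above, as an added example that is not part of the original page: it compares an observed service version with affected ranges written using the NVD range keys. The CVE IDs, ranges and function names are constructed placeholders.

```python
import re

# Constructed sample advisories: placeholder IDs and ranges, not real CVE data.
# The range keys are the ones NVD uses in its CPE match entries.
ADVISORIES = [
    {"id": "CVE-XXXX-0001", "versionStartIncluding": "12.0", "versionEndExcluding": "12.5.1"},
    {"id": "CVE-XXXX-0002", "versionEndIncluding": "11.5.4"},
    {"id": "CVE-XXXX-0003", "versionStartExcluding": "12.5.1", "versionEndExcluding": "14.0"},
]

# For each range key, the comparison results (-1, 0, 1) that keep the version in range.
BOUNDS = {
    "versionStartIncluding": (0, 1),
    "versionStartExcluding": (1,),
    "versionEndIncluding": (-1, 0),
    "versionEndExcluding": (-1,),
}

def parse_version(text):
    """Turn a dotted version such as '12.5.1' into a tuple of ints."""
    text = text.strip()
    # Reject vendor-specific formats instead of guessing how they sort.
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version format: {text!r}")
    return tuple(int(p) for p in text.split("."))

def compare(a, b):
    """Return -1, 0 or 1; the shorter version is zero-padded (12.5 == 12.5.0)."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def is_affected(observed, advisory):
    """True when the observed version falls inside every bound the advisory sets."""
    version = parse_version(observed)
    for key, allowed in BOUNDS.items():
        if key in advisory and compare(version, parse_version(advisory[key])) not in allowed:
            return False
    return True

def validate_findings(observed, advisories=ADVISORIES):
    """Map each advisory ID to whether the observed version is in its affected range."""
    return {a["id"]: is_affected(observed, a) for a in advisories}

if __name__ == "__main__":
    for version in ("11.5.4", "12.0", "12.5.1", "13.2"):
        print(version, validate_findings(version))
```

A match only means the reported version is inside the advisory's affected range; vendors sometimes ship fixes without changing the reported version, so the patch level still needs confirming.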

Discussion
kmanb Option: A

This looks like A here. The CVE would show the version numbers that the vulnerability impacted.

solutionz Option: A

To validate the possible findings related to the newly released CVEs on a VoIP call manager, it's essential to confirm that the identified vulnerabilities are indeed present in the specific version of the service running. Among the given options, the BEST method for achieving this would be: A. Manually check the version number of the VoIP service against the CVE release. Explanation: This option involves manually comparing the version number of the VoIP service with the information provided in the CVE release. By doing so, the penetration tester can directly confirm whether the identified vulnerabilities apply to the version in use. This is a precise and careful approach that avoids unnecessary risks. Other options are not as suitable for validation:

cy_analyst Option: A

Option A would be the best method to validate the possible findings. Manually checking the version number of the VoIP service against the CVE release would provide a direct and reliable method to confirm whether the CVEs apply to the system. Option B might provide some additional confirmation, but it is also risky as the proof-of-concept code could potentially harm the non-production system, and might not necessarily provide a conclusive result. Option C might be useful for detecting ongoing attacks, but it wouldn't necessarily provide validation for the presence of the identified CVEs. Option D, an nmap -sV scan, might help to determine the version number of the service, but it might not necessarily provide definitive proof of the presence of the CVEs. Therefore, option A would be the best method to validate the possible findings.

KingIT_ENG

You're sure A is correct then B?

cy_analyst

After A I would go with C and then B, because with C I can check in real time for the validity of the vulnerability. B is of course a valid choice, but I don't think I will always have a spare device to check with.

TiredOfTests Option: A

CompTIA has asked similar questions before on previous exams. It's always a manual check as the answer.

nickwen007 Option: A

When manually checking the version number of the VoIP service against the CVE release, it is important to look for any discrepancies between the version numbers being reported. If the version numbers don't match up, it could indicate that the software is not up-to-date and vulnerable to attack. Additionally, when manually checking against CVEs, you should always confirm that the CVEs have been released and not just reported but unconfirmed.

[Removed]

A or B ?

[Removed]

The question says "The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service." Why would you scan it again after you've already got service information from a previous scan? This is why the answer should be B

Etc_Shadow28000 Option: B

The method that would best support the validation of the possible findings based on newly released CVEs identified on a VoIP call manager is: B. Test with proof-of-concept code from an exploit database on a non-production system. Explanation: • Testing with proof-of-concept code: This approach involves using exploit code available in public exploit databases to test the vulnerabilities directly. This method provides direct evidence of whether the vulnerabilities are present and exploitable in the VoIP call manager. By testing in a non-production environment, the tester avoids disrupting critical services while obtaining reliable validation of the findings.

manhthi Option: A

According to ChatGPT, Option A, manually checking the version number of the VoIP service against the CVE release, would be the BEST method to validate the possible findings. This would involve reviewing the version number of the VoIP service and comparing it to the list of published CVEs to confirm whether the service is affected by the identified CVEs. This method is more accurate and less risky than option B, which involves using proof-of-concept code from an exploit database on a non-production system, as this could potentially cause disruption to the non-production system.

[Removed] Option: B

A requires more time and is a viable option, just not the best. B takes less time and is the best answer to confirm it is an issue.

mouettespaghetti

B is less time? Are you high lol. I don't know if you work in IT but most companies don't have an off-production network to test things out...

[Removed] Option: B

B. Test with proof-of-concept code from an exploit database on a non-production system would be the BEST method to validate the possible findings. Running a proof-of-concept exploit on a non-production system can confirm the presence of the vulnerability without risking production systems. Once the vulnerability has been validated, appropriate remediation or mitigation measures can be taken. Manually checking the version number of the VoIP service against the CVE release or executing an nmap -sV scan can help in determining the potential presence of vulnerabilities, but may not confirm the presence of the vulnerability. Reviewing SIP traffic from an on-path position to look for indicators of compromise may help in identifying an ongoing attack, but may not be useful for validating the possible findings.

[Removed]

Answer A is partially correct, but it is not the best approach as it involves manual work, which can be prone to errors and time-consuming. Answer C is not the best approach because it is not practical to capture all SIP traffic for validation. It is not scalable and can generate a large amount of irrelevant data. Additionally, it might not be possible to capture all relevant SIP traffic. Therefore, answer B is the best approach as it uses proof-of-concept code from an exploit database on a non-production system, which is a safe and efficient way to validate the possible findings.

KingIT_ENG Option: B

B 90%, A 80%. I go with B.

shakevia463 Option: B

has identified several newly released CVEs on a VoIP call manager. presence of the CVEs based off the version number of the service. How would A help at this point?

2Fish Option: B

This is tough.. at first I thought A, but leaning more towards B now that I looked at it more and found this link. https://www.examtopics.com/discussions/comptia/view/69642-exam-pt1-002-topic-1-question-41-discussion/

Vikt0r

I think it's A. You wouldn't exploit anything without legal agreements. Or else you risk recourse from the company.

2Fish

I see what you're saying, but this is a non-production system, so maybe a sandbox? This question sucks either way.