Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

Exam PT0-003 Topic 4 Question 124 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 124
Topic #: 4
A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:
Hostname | IP address | CVSS 2.0 | EPSS
hrdatabase | 192.168.20.55 | 9.9 | 0.50
financesite | 192.168.15.99 | 8.0 | 0.01
legaldatabase | 192.168.10.2 | 8.2 | 0.60
fileserver | 192.168.125.7 | 7.6 | 0.90
Which of the following targets should the tester select next?

Suggested Answer: A Vote an answer

Given the output, the penetration tester should select the fileserver as the next target for testing, considering both CVSS and EPSS scores.
* CVSS (Common Vulnerability Scoring System):
* Purpose: CVSS provides a numerical score to represent the severity of vulnerabilities, helping to prioritize remediation efforts.
* Higher Scores: Indicate more severe vulnerabilities.
* EPSS (Exploit Prediction Scoring System):
* Purpose: EPSS estimates the likelihood that a vulnerability will be exploited in the wild within the next 30 days.
* Higher Scores: Indicate a higher likelihood of exploitation.
* Evaluation:
* hrdatabase: CVSS = 9.9, EPSS = 0.50
* financesite: CVSS = 8.0, EPSS = 0.01
* legaldatabase: CVSS = 8.2, EPSS = 0.60
* fileserver: CVSS = 7.6, EPSS = 0.90
* The fileserver has the highest EPSS score, indicating a high likelihood of exploitation, despite having a slightly lower CVSS score compared to hrdatabase and legaldatabase.
Pentest References:
* Prioritization: Balancing between severity (CVSS) and exploitability (EPSS) is crucial for effective vulnerability management.
* Risk Assessment: Evaluating both the impact and the likelihood of exploitation helps in making informed decisions about testing priorities.
By selecting the fileserver, which has a high EPSS score, the penetration tester focuses on a target that is more likely to be exploited, thereby addressing the most immediate risk.

by Franklin at Jul 10, 2026, 09:07 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.