🔥 3-day streak
CompTIA PenTest+ (PT0-003)12 / 175
Question 12 of 175
During an internal engagement, your credentialed scan reports three findings on separate hosts: (1) a low-severity information-disclosure flaw on a web app that leaks internal hostnames and a service account name, (2) a medium-severity SMB signing-not-required setting on a file server, and (3) a low-severity anonymous LDAP bind on a domain controller. Individually each rates below the client's remediation threshold. The client asks why you flagged these as a single high-priority item in your report. Which analysis best justifies elevating the combined risk?
Reviewed for accuracy · Report an issueNext question