🔥 3-day streak
CompTIA PenTest+ (PT0-003)24 / 175
Question 24 of 175

During an internal assessment, a penetration tester runs an unauthenticated network vulnerability scan against a fleet of Windows workstations. The report shows only a handful of network-service findings, yet the client insists their patch management is inconsistent and many local application vulnerabilities likely exist. The tester wants the most accurate view of missing OS and third-party patches (e.g., outdated Adobe Reader, unpatched local privilege-escalation flaws) without deploying agents. What should the tester do next?

Reviewed for accuracy · Report an issueNext question