🔥 3-day streak
CompTIA PenTest+ (PT0-003)77 / 175
Question 77 of 175

During an internal engagement, you run a credentialed Nessus scan against a Windows server. The report lists a plugin flagged as 'Critical' with a CVSS base score of 9.8, but the plugin output notes 'This is a potential vulnerability — the affected service was detected but the patch level could not be confirmed remotely.' Your client wants to prioritize remediation efficiently. What is the most appropriate next step before reporting this as a confirmed critical finding?

Reviewed for accuracy · Report an issueNext question