🔥 3-day streak
CompTIA PenTest+ (PT0-003)129 / 175
Question 129 of 175
During an internal assessment, your automated scanner reports that a web server on port 8443 is vulnerable to a critical POODLE (CVE-2014-3566) SSLv3 downgrade attack. The client is skeptical because they claim SSLv3 was disabled last year. Before including this in the report, which action MOST reliably confirms whether the finding is a genuine vulnerability or a false positive?
Reviewed for accuracy · Report an issueNext question