A security company has been contracted to perform a scoped i - CompTIA Pentest+ PT0-003

Question

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?

Explanation

Correct Answer: A. Exploiting a configuration weakness in the SQL database

In a scoped insider-threat assessment, the goal is to simulate an internal attacker (e.g., a disgruntled employee or compromised insider) to test how easily they can access sensitive data, such as PII and salary records on the HR server.

  • If the HR server uses a misconfigured SQL database, an insider may exploit weak authentication, unpatched vulnerabilities, or overly permissive access controls to gain access.
  • SQL misconfigurations are common security flaws that organizations must fix, making this a realistic and ethical attack vector.
  • Testing for SQL weaknesses falls within the scope of ethical penetration testing, as long as it does not disrupt production or violate the agreed-upon rules of engagement.

Why the Other Options Are Incorrect:

Intercepting outbound TLS traffic

  • This involves man-in-the-middle (MITM) attacks and breaking encryption, which may lead to legal and ethical violations if not explicitly permitted.

  • Risk: Could expose sensitive user data beyond what was authorized in the scope.

MITM attacks on TLS traffic could violate privacy laws and expose data the testers are not authorized to access.

Gaining access to hosts by injecting malware into the enterprise-wide update server

  • Deploying malware or modifying enterprise-wide updates can have severe operational consequences and could be considered malicious hacking rather than ethical penetration testing.

  • Risk: Could disrupt the entire organization rather than just testing HR server access.

Injecting malware into enterprise-wide systems is unethical and dangerous.

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

  • An internal certificate authority (CA) is a highly sensitive infrastructure component used for authentication and encryption.

  • Risk: If a penetration tester creates fraudulent certificates, they could gain unauthorized access beyond the agreed scope and compromise overall network security.

Creating fake client certificates is unethical and could lead to unintended consequences.

Establishing and maintaining persistence on the domain controller

  • The domain controller (DC) is the heart of an organization’s authentication and access control system.

  • Risk: Gaining persistent access to the DC could enable full domain compromise, which is highly destructive and likely out of scope unless explicitly permitted.

Maintaining persistence on the domain controller is too invasive and likely out of scope.
