nerdexam
EC-Council

212-82 Question #143: Real Exam Question with Answer & Explanation

The correct answer is D: A targeted test where both the testers and IT team work collaboratively and are fully informed.

Submitted by rania.sa · Mar 6, 2026 · Cloud Security Operations & Incident Response

Question

ApexTech, a cybersecurity consultancy, was approached by a large energy conglomerate to assess the robustness of its energy grid control systems. The conglomerate is transitioning from traditional systems to a more interconnected smart grid. ApexTech proposed a penetration test to identify potential vulnerabilities in the new setup. The firm provided four methodologies it could employ to assess the system's vulnerabilities comprehensively. The energy conglomerate must select the approach that would be MOST revealing and beneficial in identifying vulnerabilities in the context of its transitioning infrastructure:

Options

  • A. A double-blind test where both the energy company's IT team and testers are unaware of the
  • B. A blind penetration test where testers have no prior knowledge of the infrastructure.
  • C. An external test focusing only on the conglomerate's externally facing assets and systems.
  • D. A targeted test where both the testers and IT team work collaboratively and are fully informed.

Explanation

A targeted (collaborative) penetration test is the most beneficial approach here because the energy conglomerate is mid-transition, meaning testers need full context about both legacy and smart grid components to identify vulnerabilities accurately. Collaboration between testers and the IT team ensures no critical area is overlooked during this complex infrastructure shift.

Option A (double-blind) is less effective here because withholding information from both parties creates unnecessary limitations and risks missing transition-specific vulnerabilities that require contextual knowledge.

Option B (blind test) leaves testers without infrastructure knowledge, so they may waste time on irrelevant areas and miss the nuanced vulnerabilities unique to a hybrid traditional/smart grid environment.

Option C (external test) is too narrow: it ignores internal vulnerabilities and the critical internal control systems of an energy grid, which are arguably the highest-risk targets in an OT/ICS environment.

💡 Memory Tip: Think of a targeted test as a "guided tour" - when infrastructure is complex and changing, you want your security experts to have the map, not wander blindly. For transitioning or critical infrastructure (like energy grids), collaboration = comprehensive coverage.

Topics

#Penetration Testing Methodologies #Vulnerability Assessment #Smart Grid Security #White-Box Testing
