CAS-001 · Question #398
CAS-001 Question #398: Real Exam Question with Answer & Explanation
The correct answer is C: Undertaking network-based denial of service attacks in production environment. Penetration tests are scoped to avoid causing irreversible harm or business disruption. Option C - network-based denial of service attacks in a production environment - is almost universally excluded from penetration test scope because DoS attacks interrupt legitimate business op
Question
Options
- ATest password complexity of all login fields and input validation of form fields
- BReverse engineering any thick client software that has been provided for the test
- CUndertaking network-based denial of service attacks in production environment
- DAttempting to perform blind SQL injection and reflected cross-site scripting attacks
- ERunning a vulnerability scanning tool to assess network and host weaknesses
Explanation
Penetration tests are scoped to avoid causing irreversible harm or business disruption. Option C - network-based denial of service attacks in a production environment - is almost universally excluded from penetration test scope because DoS attacks interrupt legitimate business operations, affect real customers, and can cause financial and reputational harm that far exceeds the value of the security insight gained. Production systems process live transactions; taking them offline constitutes actual damage, not simulated risk. DoS testing, if required, is conducted in isolated lab/staging environments. Options A (password/input validation testing), B (reverse engineering a provided thick client), D (SQL injection and XSS), and E (vulnerability scanning) are all standard, accepted penetration testing activities that assess vulnerabilities without causing service disruption or unrecoverable damage to production systems.
Community Discussion
No community discussion yet for this question.