CompTIA


CAS-003 Question #126: Real Exam Question with Answer & Explanation

The correct answer is D: The results should reflect what attackers may be able to learn about the company.

Question

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test?

Options

  • A. The risk of unplanned server outages is reduced.
  • B. Using documentation provided to them, the pen-test organization can quickly determine areas to
  • C. The results will show an in-depth view of the network and should help pin-point areas of internal
  • D. The results should reflect what attackers may be able to learn about the company.

Explanation

A black box penetration test is usually done when the tester does not have access to the code, much like an outsider or attacker. It is therefore the best way to run a penetration test that reflects what an attacker or outsider can learn about the company. A black box test simulates an outsider's attack.
