nerdexam
CompTIA

CAS-003 · Question #178

Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

The correct answer is C. Undertaking network-based denial of service attacks in production environment. Penetration testing is done to look at a network in an adversarial fashion with the aim of looking at what an attacker will use. Penetration testing is done without malice and undertaking a network- based denial of service attack in the production environment is as such `OUT OF S

Enterprise Security Operations

Question

Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

Options

  • ATest password complexity of all login fields and input validation of form fields
  • BReverse engineering any thick client software that has been provided for the test
  • CUndertaking network-based denial of service attacks in production environment
  • DAttempting to perform blind SQL injection and reflected cross-site scripting attacks
  • ERunning a vulnerability scanning tool to assess network and host weaknesses

How the community answered

(38 responses)
  • B
    5% (2)
  • C
    92% (35)
  • E
    3% (1)

Explanation

Penetration testing is done to look at a network in an adversarial fashion with the aim of looking at what an attacker will use. Penetration testing is done without malice and undertaking a network- based denial of service attack in the production environment is as such `OUT OF SCOPE'.

Topics

#penetration testing#scope definition#denial of service#rules of engagement

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice