CompTIA
CAS-003 · Question #178
CAS-003 Question #178: Real Exam Question with Answer & Explanation
The correct answer is C: Undertaking network-based denial of service attacks in production environment. Penetration testing is done to look at a network in an adversarial fashion with the aim of looking at what an attacker will use. Penetration testing is done without malice and undertaking a network- based denial of service attack in the production environment is as such `OUT OF S
Question
Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?
Options
- ATest password complexity of all login fields and input validation of form fields
- BReverse engineering any thick client software that has been provided for the test
- CUndertaking network-based denial of service attacks in production environment
- DAttempting to perform blind SQL injection and reflected cross-site scripting attacks
- ERunning a vulnerability scanning tool to assess network and host weaknesses
Explanation
Penetration testing is done to look at a network in an adversarial fashion with the aim of looking at what an attacker will use. Penetration testing is done without malice and undertaking a network- based denial of service attack in the production environment is as such `OUT OF SCOPE'.
Community Discussion
No community discussion yet for this question.