CAS-003 · Question #221
A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?
The correct answer is C. Scan the site with a port scanner to identify vulnerable services running on the web server. Penetration testing a web portal begins with port scanning to enumerate all exposed services on the server, revealing attack vectors beyond the web application layer. Identifying open ports and service versions is a foundational reconnaissance step before deeper exploitation.
Question
A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?
Options
- AUse a protocol analyzer against the site to see if data input can be replayed from the browser
- BScan the website through an interception proxy and identify areas for the code injection
- CScan the site with a port scanner to identify vulnerable services running on the web server
- DUse network enumeration tools to identify if the server is running behind a load balancer
How the community answered
(37 responses)- A14% (5)
- B5% (2)
- C78% (29)
- D3% (1)
Why each option
Penetration testing a web portal begins with port scanning to enumerate all exposed services on the server, revealing attack vectors beyond the web application layer. Identifying open ports and service versions is a foundational reconnaissance step before deeper exploitation.
A protocol analyzer is a passive traffic capture tool used for monitoring, not an active penetration testing instrument appropriate for assessing a client-facing portal.
Using an interception proxy to scan for code injection opportunities is a valid web app testing step but represents a narrow follow-on activity that depends on prior reconnaissance rather than an initial penetration testing action.
A port scanner identifies all listening services on the web server - including administrative interfaces, databases, or legacy protocols that may be running alongside the web portal. Enumerating service versions enables the tester to identify unpatched or misconfigured services that represent exploitable vulnerabilities, forming the necessary reconnaissance foundation for the full penetration test.
Identifying whether a server sits behind a load balancer is supplementary network intelligence that does not directly assess the security posture or vulnerabilities of the web portal.
Concept tested: Web server penetration testing reconnaissance using port scanning
Source: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/
Topics
Community Discussion
No community discussion yet for this question.