nerdexam
CompTIA

CAS-003 · Question #221

A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

The correct answer is C. Scan the site with a port scanner to identify vulnerable services running on the web server. Penetration testing a web portal begins with port scanning to enumerate all exposed services on the server, revealing attack vectors beyond the web application layer. Identifying open ports and service versions is a foundational reconnaissance step before deeper exploitation.

Enterprise Security Operations

Question

A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

Options

  • AUse a protocol analyzer against the site to see if data input can be replayed from the browser
  • BScan the website through an interception proxy and identify areas for the code injection
  • CScan the site with a port scanner to identify vulnerable services running on the web server
  • DUse network enumeration tools to identify if the server is running behind a load balancer

How the community answered

(37 responses)
  • A
    14% (5)
  • B
    5% (2)
  • C
    78% (29)
  • D
    3% (1)

Why each option

Penetration testing a web portal begins with port scanning to enumerate all exposed services on the server, revealing attack vectors beyond the web application layer. Identifying open ports and service versions is a foundational reconnaissance step before deeper exploitation.

AUse a protocol analyzer against the site to see if data input can be replayed from the browser

A protocol analyzer is a passive traffic capture tool used for monitoring, not an active penetration testing instrument appropriate for assessing a client-facing portal.

BScan the website through an interception proxy and identify areas for the code injection

Using an interception proxy to scan for code injection opportunities is a valid web app testing step but represents a narrow follow-on activity that depends on prior reconnaissance rather than an initial penetration testing action.

CScan the site with a port scanner to identify vulnerable services running on the web serverCorrect

A port scanner identifies all listening services on the web server - including administrative interfaces, databases, or legacy protocols that may be running alongside the web portal. Enumerating service versions enables the tester to identify unpatched or misconfigured services that represent exploitable vulnerabilities, forming the necessary reconnaissance foundation for the full penetration test.

DUse network enumeration tools to identify if the server is running behind a load balancer

Identifying whether a server sits behind a load balancer is supplementary network intelligence that does not directly assess the security posture or vulnerabilities of the web portal.

Concept tested: Web server penetration testing reconnaissance using port scanning

Source: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/

Topics

#penetration testing#port scanning#web application security#vulnerability assessment

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice