CompTIA CASP+ (CAS-003) — Question 107

When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment.
This team is commonly referred to as:

Answer options

Correct answer: B

Explanation

The correct answer is B, the white team, which is responsible for overseeing the testing process and ensuring that the rules of engagement are followed. The blue team typically defends against attacks, while the red team simulates attackers, and the operations and development teams serve different functions unrelated to penetration testing roles.