CompTIA CASP+ (CAS-003) — Question 108

An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?

Answer options

• A. Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.
• B. Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.
• C. Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.
• D. Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.

Correct answer: C

Explanation

Option C is the best methodology because it involves scanning for vulnerabilities in the application without prior knowledge, which aligns with the black-box approach. Options A and B either require prior knowledge or involve tactics that do not fit the external attacker role, while option D relies on social engineering, which is less effective in a black-box context.