CompTIA CASP+ (CAS-003) — Question 157
A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use.
After network enumeration, the analyst's NEXT step is to perform:
Answer options
- A. a gray-box penetration test
- B. a risk analysis
- C. a vulnerability assessment
- D. an external security audit
- E. a red team exercise
Correct answer: A
Explanation
The correct answer is A, a gray-box penetration test, because it allows the analyst to leverage the limited information available to identify vulnerabilities. The other options (a risk analysis, a vulnerability assessment, an external security audit, and a red team exercise) do not directly follow from the stage of having specific information about the network's vulnerabilities.