CompTIA CASP+ (CAS-003) — Question 27
An advanced threat emulation engineer is conducting testing against a client's network. The engineer conducts the testing in as realistic a manner as possible.
Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)
Answer options
- A. Black box testing
- B. Gray box testing
- C. Code review
- D. Social engineering
- E. Vulnerability assessment
- F. Pivoting
- G. Self-assessment
- H. White teaming
- I. External auditing
Correct answer: A, E, F
Explanation
The correct answer includes Black box testing, Vulnerability assessment, and Pivoting, as these techniques are essential for simulating realistic attack scenarios and identifying system weaknesses. Black box testing allows for an external perspective on security, Vulnerability assessment helps identify exploitable weaknesses, and Pivoting is crucial for understanding how an attacker could move through a network. The other options, while relevant in different contexts, do not align as closely with the objectives of realistic threat emulation testing.