CompTIA CASP+ (CAS-003) — Question 42

A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

Answer options

• A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
• B. Scan the website through an interception proxy and identify areas for the code injection
• C. Scan the site with a port scanner to identify vulnerable services running on the web server
• D. Use network enumeration tools to identify if the server is running behind a load balancer

Correct answer: C

Explanation

The correct answer is C because scanning the site with a port scanner allows for the identification of vulnerable services that could be exploited during a penetration test. Options A and B focus on testing input data and code injection, which are important but not as directly related to identifying server vulnerabilities. Option D is less relevant as it pertains to network architecture rather than directly assessing the web portal's security.