CompTIA CySA+ (CS0-001) — Question 43

A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure.
The scope of activity as described in the statement of work is an example of:

Answer options

Correct answer: D

Explanation

The correct answer is D, penetration testing, as it involves simulating real-world attacks to identify vulnerabilities in a network. Options A (session hijacking) and C (social engineering) refer to specific attack methods rather than the overall assessment process, while B (vulnerability scanning) typically implies automated scans without the active exploitation elements found in penetration testing. Option E (friendly DoS) does not fit the context of identifying weaknesses through probing.