CompTIA PenTest+ (PT0-002) — Question 145

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

Answer options

• A. Crawling the web application's URLs looking for vulnerabilities
• B. Fingerprinting all the IP addresses of the application's servers
• C. Brute forcing the application's passwords
• D. Sending many web requests per second to test DDoS protection

Correct answer: D

Explanation

The correct answer is D because sending a high volume of web requests could overwhelm the shared network bandwidth and negatively impact other customers of the cloud provider. Options A, B, and C are generally acceptable activities during penetration testing, as they do not necessarily disrupt the service for other users.