CompTIA PenTest+ (PT0-002) — Question 31

A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

Answer options

• A. Asset inventory
• B. DNS records
• C. Web-application scan
• D. Full scan

Correct answer: A

Explanation

The best approach to identify systems accurately is to conduct an Asset inventory, as it provides a comprehensive list of all assets in the environment. DNS records may provide some information, but they do not cover all systems, while a web-application scan and full scan are assessment methods rather than identification techniques.