CompTIA PenTest+ (PT0-002) — Question 343
Which of the following approaches would be the most appropriate for a penetration tester who is doing a one-week timeboxed assessment for a large electronics retail business with hundreds of locations around the world?
Answer options
- A. Testing virtually with no on-site activities
- B. Testing on a limited sample of retail locations
- C. Testing on site for every retail location
- D. Testing on site for 50% of the retail locations
Correct answer: B
Explanation
Option B is correct because it keeps the assessment manageable within the time constraints by focusing on a representative sample of locations rather than exhausting resources across all of them. Option A may miss critical vulnerabilities that can only be identified on site, while option C is impractical due to time limitations. Option D, although better than A and C, still does not provide the efficiency of focusing on a limited sample.