CompTIA PenTest+ (PT0-002) — Question 427

A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?

Answer options

• A. The timing of the scan
• B. The bandwidth limitations
• C. The inventory of assets and versions
• D. The type of scan

Correct answer: B

Explanation

The correct answer is B, as bandwidth limitations can significantly affect the performance and accuracy of the scan. If the network cannot handle the load, it may lead to dropped packets or incomplete results. Options A, C, and D are also important considerations, but they do not directly relate to the immediate impact of running the scan on the existing network infrastructure.