CompTIA PenTest+ (PT0-003) — Question 110

A penetration tester must identify vulnerabilities within an ICS that is not connected to the internet or enterprise network. Which of the following should the tester utilize to conduct the testing?

Answer options

• A. Channel scanning
• B. Stealth scans
• C. Source code analysis
• D. Manual assessment

Correct answer: D

Explanation

The correct answer is D, Manual assessment, as it allows the tester to thoroughly examine the ICS's components without relying on network connectivity. The other options, such as Channel scanning, Stealth scans, and Source code analysis, may not be suitable due to the lack of network access or may not provide the comprehensive insights needed for an isolated system.