CompTIA PenTest+ (PT0-003) — Question 13

Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?

Answer options

• A. The tester is conducting a web application test.
• B. The tester is assessing a mobile application.
• C. The tester is evaluating a thick client application.
• D. The tester is creating a threat model.

Correct answer: D

Explanation

The correct answer is D because DREAD is a risk assessment model that is particularly useful when creating a threat model, allowing for a structured approach to evaluate potential threats. Options A, B, and C do not directly relate to the specific purpose of using DREAD over PTES, as they focus more on the type of application being tested rather than the threat modeling process.