CompTIA PenTest+ (PT0-003) — Question 35

A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?

Answer options

• A. Utilizing port mirroring on a firewall appliance
• B. Installing packet capture software on the server
• C. Reconfiguring the application to use a proxy
• D. Requesting that certificate pinning be disabled

Correct answer: A

Explanation

Utilizing port mirroring on a firewall appliance allows for monitoring of network traffic without altering the application or server, making it an effective way to assess if communications are encrypted. Installing packet capture software on the server could conflict with the manufacturer's terms and may not provide insight into traffic outside the server. Reconfiguring the application to use a proxy could also violate support agreements, and requesting that certificate pinning be disabled could expose the application to security risks.