CompTIA Security+ (SY0-501) — Question 957
A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:
Answer options
- A. a risk analysis.
- B. a vulnerability assessment.
- C. a gray-box penetration test.
- D. an external security audit.
- E. a red team exercise.
Correct answer: C
Explanation
The correct answer is C: a gray-box penetration test allows the analyst to exploit known vulnerabilities in the client's network, working from the information provided about the public IP addresses. Options A and D do not involve direct testing of security. Option B focuses on identifying vulnerabilities rather than exploiting them, and option E implies a more comprehensive attack simulation rather than a targeted test.