CompTIA Security+ (SY0-601) — Question 418

A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Answer options

Correct answer: B

Explanation

The correct answer is 'Bug bounty': this type of program incentivizes security researchers to identify vulnerabilities in exchange for rewards. 'Open-source intelligence' refers to gathering information from publicly available sources. 'Red team' involves simulated attacks to test defenses. 'Penetration testing' is a structured approach to assessing security, but it does not typically involve compensation for independent researchers.