CompTIA Security+ (SY0-601) — Question 582

Which of the following best describes a penetration test that resembles an actual external attack?

Answer options

• A. Known environment
• B. Partially known environment
• C. Bug bounty
• D. Unknown environment

Correct answer: D

Explanation

The correct answer is D, as an unknown environment penetration test mimics an actual attack scenario where the tester has no prior knowledge of the system. Option A refers to a scenario where the tester has complete information, while B indicates partial knowledge, both of which do not accurately reflect a real external attack. Option C, a bug bounty, involves finding vulnerabilities in exchange for rewards and is not a penetration test format.