CompTIA Security+ (SY0-701) — Question 57

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Answer options

• A. Open-source intelligence
• B. Bug bounty
• C. Red team
• D. Penetration testing

Correct answer: B

Explanation

The correct answer is 'Bug bounty' because it refers to a program where organizations pay researchers for finding and reporting vulnerabilities. The other options do not accurately describe this situation; 'Open-source intelligence' involves gathering publicly available information, 'Red team' refers to a group that simulates attacks to test defenses, and 'Penetration testing' typically involves hired professionals rather than open submissions from the public.