Exam SY0-601 topic 1 question 707 discussion

Actual exam question from CompTIA's SY0-601
Question #: 707
Topic #: 1

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

  • A. Engage the penetration-testing firm's red-team services to fully mimic possible attackers.
  • B. Give the penetration tester data diagrams of core banking applications in a known-environment test.
  • C. Limit the scope of the penetration test to only the system that is used for teller workstations.
  • D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.
Suggested Answer: D

Comments

BlackSpider
Highly Voted 1 year, 8 months ago
Selected Answer: D
If the bank desires a realistic attack scenario but has budget constraints, the best approach would be to reduce the time and effort the penetration testers would spend on the initial phases of an attack, such as reconnaissance. Therefore, the best option is: D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts. By doing this, the bank is cutting down the time spent on initial information gathering, allowing the penetration testers to focus more on the actual testing and exploitation phases, thereby providing a realistic scenario within the bank's budget.
upvoted 9 times
...
johnabayot
Most Recent 1 year, 4 months ago
Selected Answer: D
This option would allow the penetration tester to simulate a realistic attack scenario without spending too much time on gathering information about the target environment. By providing some networking details, the tester can focus on finding and exploiting vulnerabilities in the bank’s systems and applications. This would also help the bank to identify and fix the most critical security issues that could compromise its data and operations.
upvoted 2 times
...
Made100
1 year, 5 months ago
C works for costs and time spent. It narrows where the attacks will most likely be
upvoted 1 times
...
mazar2
1 year, 8 months ago
Selected Answer: A
A. Engage the penetration-testing firm's red team services to fully mimic possible attackers.
upvoted 1 times
david124
1 year, 4 months ago
you just completely ignored the budget constraints lol
upvoted 8 times
...
...
mikey117
1 year, 8 months ago
Selected Answer: D
D is correct.
upvoted 3 times
...
minx98
1 year, 8 months ago
Selected Answer: C
C is best
upvoted 3 times
mikey117
1 year, 8 months ago
This scenario mentions nothing about tellers; answer is D.
upvoted 9 times
...
...