Exam SY0-501 topic 1 question 415 discussion

Actual exam question from CompTIA's SY0-501
Question #: 415
Topic #: 1

A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:

  • A. a risk analysis.
  • B. a vulnerability assessment.
  • C. a gray-box penetration test.
  • D. an external security audit.
  • E. a red team exercise.
Suggested Answer: C

Comments

Stefanvangent
Highly Voted 5 years, 8 months ago
The answer is without a doubt C. The question clearly states: "break into a client's secure network." You don't break into a secure system when you perform a vulnerability scan but only with penetration testing.
upvoted 9 times
...
Hot_156
Highly Voted 4 years, 12 months ago
You are all talking about C like that was a step in an IR and it is not. Gray-box is a type of penetration test, not a step in a guide. The question is poorly structured.
upvoted 5 times
...
Hanzero
Most Recent 4 years, 8 months ago
Break into = penetration test. Easy.
upvoted 3 times
...
brandonl
5 years, 2 months ago
C, because network enumeration includes network scanning and vulnerability assessments. The next step is to do what he came to do, which is penetrate that network. Because he was given a piece of information about the network, it is a gray hat test.
upvoted 3 times
...
forward
5 years, 2 months ago
The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. Except for a block of public IP addresses that are currently in use, this information represents (gray box).
upvoted 2 times
...
Elb
5 years, 4 months ago
C. Gray-box testing splits the difference between white-box and black-box testing. By providing a tester with limited information about the target system, gray-box tests simulate the level of knowledge that a hacker with long-term access to a system would achieve through research and system footprinting.
upvoted 3 times
MelvinJohn
5 years, 3 months ago
Agree. The analyst was given a "block of public IP addresses." So gray-box because the tester has "limited information about the target system."
upvoted 3 times
...
...
Jenkins3mol
5 years, 8 months ago
Cited from the book: "Vulnerability scanning allows you to identify specific vulnerabilities in your network, and most penetration testers will start with this procedure so that they can identify likely targets to attack. A penetration test is essentially an attempt to exploit these vulnerabilities." So... I don't think the answer is right.
upvoted 3 times
Jenkins3mol
5 years, 8 months ago
Changed my mind again... cited from Wikipedia: "A network enumerator or network scanner is a computer program used to retrieve usernames and info on groups, shares, and services of networked computers. This type of program scans networks for vulnerabilities in the security of that network. If there is a vulnerability with the security of the network, it will send a report back to a hacker who may use this info to exploit that network glitch to gain entry to the network or for other malicious activities. Ethical hackers often also use the information to remove the glitches and strengthen their network."
upvoted 1 times
...
potato12345612
5 years, 1 month ago
Liar
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted