A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
C should be the right one. Partial knowledge of the environment means a tester has some sort of access, credentials, or able to see configs. In this case, OSINT does not provide any partial knowledge of the target....
I agree with Selected Answer C, but I don't like the question at all.. if you discover that the environment uses a specific vendor for IT assets from OSINT, that is knowledge which would bring you to a Partially known environment. This is why tests like OSCP and practical knowledge will always supersede these horrible tests.
This is C. Unknown Environment Testing
The team has not been "given" information.
From The Official CompTIA Pentest+ Student Guide (PT0-002) page 149:
"Prior to beginning the PenTest, the team might have little or no information about the elements of the target network. Depending on the parameters of the project scope, the team might use one of three methods when testing:
Unknown environment testing is when the team is completely in the dark, as no information is presented to the team prior to testing.
Partially known environment testing is when the PenTesting team is given some information, such as internal functionality and code.
Known environment testing is when the PenTesting team is given all details of the network and applications."
In the scenario described, the penetration tester only has access to publicly available information about the target company, meaning the internal details of the environment are not known to the tester prior to the assessment. This represents a situation where the penetration tester is working with limited or no specific knowledge of the internal layout and technologies used within the target environment.
Therefore, the correct answer to this question is:
C. Unknown environment testing.
The scope of the assessment is Known environment testing.
Known environment testing refers to an assessment where the penetration tester has access to some information about the target environment, such as public information, but does not have full knowledge of the environment. This type of assessment is typically performed when the client is aware of the test and has provided the tester with limited information.
Partially known environment testing refers to an assessment where the tester has some knowledge of the environment but not enough to perform a comprehensive assessment. Unknown environment testing refers to an assessment where the tester has no knowledge of the environment and must gather information as part of the assessment. Physical environment testing refers to an assessment that includes testing physical security controls, such as access controls, cameras, and alarms.
Therefore, the correct answer is B. Known environment testing.
The scope of the assessment in this scenario is "Partially known environment testing."
This is because the penetration tester has only publicly available information about the target company, which means that they have some knowledge about the environment, but not a complete understanding of it.
A. the answer on the "partially known information" means the information that was provided by the client.
If the information only from the public is D, also called as black box testing.
C. Unknown environment testing
In this scenario, the penetration tester only has publicly available information about the target company, which means that the scope of the assessment is unknown. This type of assessment is referred to as unknown environment testing. The tester must rely on publicly available information and publicly accessible services such as websites and email servers to identify potential vulnerabilities.
Partially known environment testing (Option A) would be when the tester has some knowledge of the environment, but not all. Known environment testing (Option B) would be when the tester has full knowledge of the environment. Physical environment testing (Option D) would be when the tester conducts testing in the target's physical environment, such as the offices and data centers.
I would suggest going re-reading the material if you think this is a partially known test. Public information is PUBLIC anyone can see it. Come on dudes 🤦♂️
Public information is available to everyone including BlackHat. So having only publicly accessed information shouldn't be categorized as partially known environment. I stand corrected.
publicly available information can gain through first step of PenTest by reconnaissance. so its C.
upvoted 3 times
...
...
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
bromings
Highly Voted 2 years, 6 months agoXanALaOM00
Most Recent 10 months, 1 week agoEny4444
11 months, 2 weeks agosurfuganda
1 year, 2 months agosolutionz
1 year, 10 months agoxviruz2kx
2 years, 2 months agoAaronS1990
2 years, 2 months agocy_analyst
2 years, 3 months ago[Removed]
2 years, 3 months agoALBaqir
2 years, 3 months agoALBaqir
2 years, 3 months ago[Removed]
2 years, 3 months agoRRabbit_111
2 years, 4 months agoMr_BuCk3th34D
2 years, 5 months agodcyberguy
2 years, 5 months ago[Removed]
2 years, 5 months agobieecop
2 years, 6 months agomasso435
2 years, 6 months agodcyberguy
2 years, 5 months agoosoHacker
2 years, 7 months agojhfkjsdfhsfh
2 years, 6 months ago