A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?
A. Maximizing the likelihood of finding vulnerabilities
I will go with B
Dion Training book:
Goal Reprioritization
▪ Have the goals of the assessment changed?
▪ Has any new information been found that might affect the goal or desired end state?
I would also agree with A, because by goal reprioritization you are more likely to find vulnerabilities in this specific critical network segment, but it is a side effect of goal reprioritization.
The action of shifting the focus of a penetration test to a specific critical network segment based on the findings during the engagement best aligns with B. Reprioritizing the goals/objectives.
This is because the client is choosing to change the focus of the testing to a particular area based on the findings. It reflects an adjustment of the original plan or goals to better suit the current understanding of the system's security posture.
Option A, Maximizing the likelihood of finding vulnerabilities, is incorrect because the client is not necessarily looking to find more vulnerabilities, but rather to prioritize their resources to the most important network segment.
Option C, Eliminating the potential for false positives, is also incorrect because the client is not looking to eliminate false positives, but rather to prioritize their resources to the most important network segment.
Option D, Reducing the risk to the client environment, is also incorrect because the client is looking to prioritize their resources to the most important network segment. Reducing the risk to the client environment is a result of focusing on the critical network segment, but it is not the action taking place.
Reprioritizing the goals/objectives means adjusting the focus of the penetration testing effort based on the findings of the initial testing. In this scenario, the client is identifying a specific network segment as being a critical area of concern and wants the security firm to concentrate their efforts on identifying vulnerabilities in that segment. By doing so, the client is trying to ensure that the most critical areas of their network are thoroughly tested and that any vulnerabilities found in those areas are addressed as a priority. This is different from maximizing the likelihood of finding vulnerabilities, eliminating the potential for false positives, or reducing the risk to the client environment, which are different objectives.