An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
A) Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.
B) Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.
C) Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.
D) Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.