A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?
An assessment where the penetration tester has only publicly available information about the target company is classified as unknown environment testing. In this scenario, the tester has not been given any inside information by the client and must rely solely on external data, much akin to a 'black box' testing approach. This differs from partially known or known environment testing, where the tester would have some level of insider information or full access to the system details, respectively. Physical environment testing is unrelated, as it involves assessing physical security controls.
C should be the right one. Partial knowledge of the environment means a tester has some sort of access, credentials, or able to see configs. In this case, OSINT does not provide any partial knowledge of the target....
C. Unknown environment testing In this scenario, the penetration tester only has publicly available information about the target company, which means that the scope of the assessment is unknown. This type of assessment is referred to as unknown environment testing. The tester must rely on publicly available information and publicly accessible services such as websites and email servers to identify potential vulnerabilities. Partially known environment testing (Option A) would be when the tester has some knowledge of the environment, but not all. Known environment testing (Option B) would be when the tester has full knowledge of the environment. Physical environment testing (Option D) would be when the tester conducts testing in the target's physical environment, such as the offices and data centers.
The client themselves haven't actually provided anything though so this is C all day long
I would suggest going re-reading the material if you think this is a partially known test. Public information is PUBLIC anyone can see it. Come on dudes 🤦♂️
C I think correct.
The scope of the assessment is Known environment testing. Known environment testing refers to an assessment where the penetration tester has access to some information about the target environment, such as public information, but does not have full knowledge of the environment. This type of assessment is typically performed when the client is aware of the test and has provided the tester with limited information. Partially known environment testing refers to an assessment where the tester has some knowledge of the environment but not enough to perform a comprehensive assessment. Unknown environment testing refers to an assessment where the tester has no knowledge of the environment and must gather information as part of the assessment. Physical environment testing refers to an assessment that includes testing physical security controls, such as access controls, cameras, and alarms. Therefore, the correct answer is B. Known environment testing.
The scope of the assessment in this scenario is "Partially known environment testing." This is because the penetration tester has only publicly available information about the target company, which means that they have some knowledge about the environment, but not a complete understanding of it.
C answer is correct
A. the answer on the "partially known information" means the information that was provided by the client. If the information only from the public is D, also called as black box testing.
Sorry my bad. The answer is C, so called black box testing.
Answer C
C is the answer
Public information is still information so partially know environment it is.
Public information is available to everyone including BlackHat. So having only publicly accessed information shouldn't be categorized as partially known environment. I stand corrected.
C. Unknown- Ability to see how effective the companies access control is from the outside.
This is C. Unknown Environment Testing The team has not been "given" information. From The Official CompTIA Pentest+ Student Guide (PT0-002) page 149: "Prior to beginning the PenTest, the team might have little or no information about the elements of the target network. Depending on the parameters of the project scope, the team might use one of three methods when testing: Unknown environment testing is when the team is completely in the dark, as no information is presented to the team prior to testing. Partially known environment testing is when the PenTesting team is given some information, such as internal functionality and code. Known environment testing is when the PenTesting team is given all details of the network and applications."
In the scenario described, the penetration tester only has access to publicly available information about the target company, meaning the internal details of the environment are not known to the tester prior to the assessment. This represents a situation where the penetration tester is working with limited or no specific knowledge of the internal layout and technologies used within the target environment. Therefore, the correct answer to this question is: C. Unknown environment testing.
This is also know as black box test.
Has publicly available information about the company. so it is a partially known environment A
publicly available information can gain through first step of PenTest by reconnaissance. so its C.