A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website’s response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?
The correct option is deconfliction. Deconfliction involves ensuring that multiple activities or tests do not interfere with each other and that legitimate testing activities are not mistaken for malicious activity. In this scenario, the network engineer observed a flood of GET requests that significantly impacted the website’s performance. By contacting the penetration tester, the network engineer is attempting to determine if these requests are part of the authorized penetration test or if they are indicative of an actual attack or another issue that needs to be addressed, thereby preventing conflicts and ensuring clarity in the activities being undertaken.
https://redteam.guide/docs/definitions/
Agree. The example is the definition of deconfliction.
this is example of deconfilction
D. Deconfliction is the best describes the purpose of checking with the penetration tester. Deconfliction involves identifying potential conflicts or overlaps with other activities taking place on the network, such as the flood of GET requests the network engineer has noticed. By determining the source of these requests, the network engineer can ensure that the penetration testing does not interfere with any other operations on the network.
D is the answer
D. Deconfliction Explanation: Deconfliction is the process of ensuring that multiple activities or tests do not interfere with each other and that legitimate testing activities are not mistaken for malicious activity. In this scenario, the network engineer observed a flood of GET requests that significantly impacted the website’s performance. By contacting the penetration tester, the network engineer is attempting to determine whether these requests are part of the authorized penetration test or if they represent an actual attack or another issue that needs to be addressed.
A. Situational awareness: • Situational awareness involves understanding the current state of the environment, including network traffic and potential threats. While contacting the penetration tester may contribute to situational awareness, the primary goal in this context is to resolve potential conflicts between testing and operational stability. B. Rescheduling: • Rescheduling refers to changing the timing of the penetration test. The network engineer is seeking to understand whether the GET requests are part of the test, not necessarily looking to reschedule the test. C. DDoS defense: • While the network engineer might be concerned about a DDoS (Distributed Denial of Service) attack, the primary action is to determine whether the observed traffic is legitimate (part of the test) or malicious. The primary goal is to avoid unnecessary defensive actions if the traffic is part of authorized testing.
This is deconfliction in action.
Answer is NOT A, its D. Disappointing how many of these questions have the wrong answer. For this scenario the salient factor for me is the Network engineer knew there was a pentest in operation, as he knew how to contact the pentester. Situational awareness would be if the engineer didn't know about the pentest and formulated the idea of a pentester running stress tests, escalated it to management and then received the phone number to call to de conflict.
In this scenario, the network engineer is reaching out to the penetration tester to understand if the flood of GET requests is part of the authorized testing. This is done to clarify the activities and ensure that both parties are on the same page about what is happening, and if any unintended conflicts or confusion might occur. The BEST description of the purpose of this check with the penetration tester would be: D. Deconfliction
Situational awareness is the ability to recognize and understand relevant aspects of the environment, including safety risks. This allows a person or organization to take effective action to reduce risks, ensure safety, and create a more secure environment. In the context of penetration testing, situational awareness is used to constantly monitor and assess the environment, either in real-time or after-action, to ensure the safety and security of the system being tested.
aaaaaaaaaaaaaaaa
D is correct search again