Following a successful exploitation of an RCE vulnerability during a penetration test, a systems administrator is performing remediation activities of the target system. Since the systems administrator was not involved in the planning process for the penetration test, a production server was inadvertently targeted and impacted by the actions of the penetration tester. Which of the following would be the most appropriate to reduce the impact of the penetration test in the future?

A. Leverage a purple team approach to refine scope definition.

B. Exclude non-production systems from the penetration test.

C. Implement a black-box approach for the penetration test.

D. Include an intercepting proxy in the production environment.

E. Rely on web application vulnerability scans instead of penetration testing.






 

Suggested Answer: A

Community Answer: A



This question is in CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.