When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement.

First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:
A. the blue team.
B. the white team.
C. the operations team.
D. the red team.
E. the development team.


5 thoughts on “When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement.”

  1. The reason why it is the white team is because of the line “First, the CISO designates a team to operate from within the corporate environment.” The first team created to operate within the environment is a white team.

  2. Is this really an exam question? Wouldn’t both the Blue (defense) and White (referee) teams potentially operate within the corporate environment?

    • Red plays offense. This team is primarily composed of penetration testers.
    • Blue plays defense. This team is primarily composed of security analysts and incident responders.
    • White plays the officials. This team is primarily composed of IT managers, project leads, or any other security personnel in a position of authority.

  3. Maybe it is white team after all. Got this info from the CASP official student guide:
    1. red plays offense
    2. blue plays defense
    3. white plays the officials, ensure that the exercise is providing overall value to the organization

  4. As far as I know, the blue team does not work within the organization. They’re usually a third party, trying to test the network’s vulnerabilities.
