Which of the following is the BEST methodology for the red team to follow?

An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
A. Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.
B. Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.
C. Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.
D. Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.


5 thoughts on “Which of the following is the BEST methodology for the red team to follow?”

  1. Definitely not A, since you need network access, and the red team is acting as an external threat.

    IMO, C is dicey because we don’t know where the application resides/runs in the network relative to the attack. The attacker is on the external (let’s say public) network, and the application is running on the private/internal network, so even a port & vulnerability scanner won’t necessarily have the required access.

    Poorly worded, IMO.

  2. C
    Not A, because you’re not there yet. Recon is the first step. Scanning for open ports and fingerprinting platforms and systems.

  3. It’s asking for the methodology to use by a red team black box test. You would have to use a port scanner, search for vulnerabilities and exploit found vulnerabilities. You can’t run a protocol analyzer if you don’t know the server exists.
    I think it has to be C

  4. I feel since the question says remote, external attackers they wouldn’t be using the protocol analyzer and need to do a port scan and vulnerability scan to get into the network in order to see the traffic. I am definitely not very experienced so feedback is welcome!
