A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers.
Which of the following would MOST likely be used to complete the assessment? (Select two.)
A. Agent-based vulnerability scan
B. Black-box penetration testing
C. Configuration review
D. Social engineering
E. Malware sandboxing
F. Tabletop exercise
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
i agree with C and F.
I am quite confident about C (configuration review).
However, the other feasible options are A (agent-based vulnerability scan) and F (tabletop exercise). Due to this specific requirement: “it must not affect any production servers”, I would eliminate A.
C and F then.
Discussion:
https://vceguide.com/which-of-the-following-would-most-likely-be-used-to-complete-the-assessment/