A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers.
Which of the following would MOST likely be used to complete the assessment? (Select two.)
A. Agent-based vulnerability scan
B. Black-box penetration testing
C. Configuration review
D. Social engineering
E. Malware sandboxing
F. Tabletop exercise
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Agent scan will be faster and use less traffic.
Tabletop exercise more a discussion?
I would go with A and C….
A and C
I agree with configuration review. But focus on lowering costs and not affecting productions servers…..it should be a tabletop exercise and not an agent scan. Scans can affect the network which may affect the performance of a server.
That what you’re describing is not what tabletop exercise is. Let me help you: Per NIST, “A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation.” (https://csrc.nist.gov/glossary/term/tabletop_exercise#:~:text=Definition(s)%3A,to%20a%20particular%20emergency%20situation.)
I agree, A&C.