CompTIA CySA+ CS0-003 Practice Question
A cybersecurity analyst has been tasked to perform a vulnerability assessment for a company with the requirement that it should mimic the perspective of an external attacker. The company hosts a web application that is accessible to the public. Which of the following methods is BEST suited to meet the stated requirement and yield the most relevant results?
Conducting a credentialed scan from within the organization’s network.
Executing a passive internal scan using network sniffing tools.
Running an active internal scan with agentless in-depth checks on all devices.
Performing an uncredentialed external scan of the web facing application.