A cybersecurity analyst has been tasked to perform a vulnerability assessment for a company with the requirement that it should mimic the perspective of an external attacker. The company hosts a web application that is accessible to the public. Which of the following methods is BEST suited to meet the stated requirement and yield the most relevant results?
Performing an uncredentialed external scan of the web facing application.
Conducting a credentialed scan from within the organization’s network.
Executing a passive internal scan using network sniffing tools.
Running an active internal scan with agentless in-depth checks on all devices.
|Incident Response and Management
|Reporting and Communication