CompTIA CySA+ CS0-003 Practice Question
A cybersecurity analyst has been tasked to perform a vulnerability assessment for a company with the requirement that it should mimic the perspective of an external attacker. The company hosts a web application that is accessible to the public. Which of the following methods is BEST suited to meet the stated requirement and yield the most relevant results?
Running an active internal scan with agentless in-depth checks on all devices.
Conducting a credentialed scan from within the organization’s network.
Executing a passive internal scan using network sniffing tools.
Performing an uncredentialed external scan of the web facing application.