CompTIA PenTest+ PT0-002 Practice Question
When conducting a penetration test, you are to evaluate the security posture of both the public-facing (external) applications and the internal network infrastructure of an organization. Assuming that all legal permissions and access rights are in place, which approach would BEST align with the penetration testing strategy to comprehensively assess the security of both external and internal targets within the confines of the test scope?
A combination of network-based tests for the internal infrastructure and application-based tests for the public-facing applications
Exclusive external testing of the perimeter networks and public IP addresses
Purely passive reconnaissance of both external and internal assets
Full knowledge testing using source code analysis and network sniffing for both external and internal targets