A penetration tester is assessing a power plant's industrial control system (ICS) network, which includes legacy hardware and proprietary protocols that automated scanners cannot interpret. The assessment must identify architectural flaws, insecure operational procedures, and physical security gaps. Which of the following is the most effective assessment technique for this scenario?
A manual, on-site assessment to review system architecture, observe processes, and physically inspect devices
A review of firewall and switch configurations to map network segmentation
Passive network monitoring using a mirrored port to capture and analyze OT traffic
An authenticated network scan using credentials with administrative access to all hosts
A manual, on-site assessment is the most effective technique because it allows the tester to directly observe and interact with the legacy ICS environment, identifying vulnerabilities in physical security, operational processes, and system architecture that automated tools cannot detect. While passive network monitoring, authenticated scanning, and configuration reviews are valuable, they would be incomplete on their own. Passive monitoring and scanning cannot fully interpret proprietary protocols, and a configuration review would miss the physical and procedural flaws specified in the scenario.