During a security assessment, an organization explicitly asks the penetration tester to measure how much implicit trust exists between servers, applications, and network segments on its LAN. Referring to the OSSTMM, which tester tactic most directly fulfills the Trust Verification requirement for internal systems?
Evaluate each connection point, confirm how enforcement applies at each boundary, and validate the operation of claimed safeguards
Inspect perimeter defenses and limit internal testing to keep the metrics simple
Conduct tests on a small selection of devices following a randomly chosen sampling strategy
Use multiple scanning utilities on endpoints, then compare results against vulnerability checklists
The correct tactic is the first option: evaluate each connection point, confirm how enforcement applies at each boundary, and validate that claimed safeguards actually operate. In OSSTMM terms, trust is any interaction a target permits without requiring identification or authentication, and Trust Verification asks the tester to find every such interaction between in-scope systems, check what is enforced at each boundary, and prove that the declared controls behave as stated. That means a connection-by-connection review in which each claim is tested under real conditions, because the measurable output is the gap between what the organization believes is enforced and what is observed. A perimeter-only focus never reaches the internal trusts the client asked about, a small random sample leaves untested boundaries unmeasured, and comparing scanner output against checklists reports known vulnerabilities rather than trust, so none of them produces the evidence-based result the methodology calls for.
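The following is an added example, not code from the original page or from OSSTMM itself, of what the connection-by-connection review looks like in practice: the organization's claimed segmentation rules are written down first, each boundary is probed from the relevant segment, and the observed result is compared with the claim. A flow claimed "deny" that turns out reachable is undocumented implicit trust; a flow claimed "allow" that is blocked shows the stated control does not behave as documented. The segment names, addresses, ports and the offline stand-in for the network are constructed for illustration.

```python
"""
Added example (not from the original page): a minimal connection-by-connection
trust check in the spirit of OSSTMM Trust Verification. Claimed rules are recorded,
every boundary is probed, and the observation is classified against the claim.
All hosts, ports and segment names below are constructed for illustration.
"""
import socket
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Boundary:
    src_segment: str  # segment the probe must be launched from
    dst_host: str
    dst_port: int
    claimed: str      # "allow" or "deny", as stated by the organization


def tcp_probe(src_segment: str, host: str, port: int, timeout: float = 2.0) -> bool:
    """Real probe: True if a TCP handshake completes.

    The result only says something about the boundary if this runs from a host
    inside `src_segment`; the parameter is kept so findings stay labelled.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def verify_boundaries(boundaries, probe=tcp_probe):
    """Probe each boundary and classify the observation against the claim."""
    findings = []
    for b in boundaries:
        if b.claimed not in ("allow", "deny"):
            raise ValueError(f"claim must be allow/deny: {b}")
        observed = "allow" if probe(b.src_segment, b.dst_host, b.dst_port) else "deny"
        if observed == b.claimed:
            verdict = "verified"
        elif observed == "allow":
            verdict = "implicit-trust"        # reachable although claimed denied
        else:
            verdict = "claimed-flow-blocked"  # blocked although claimed allowed
        findings.append({
            "src": b.src_segment, "dst": f"{b.dst_host}:{b.dst_port}",
            "claimed": b.claimed, "observed": observed, "verdict": verdict,
        })
    return findings


def summarize(findings):
    """Count verdicts; a non-zero 'implicit-trust' count is the headline metric."""
    return dict(Counter(f["verdict"] for f in findings))


# Constructed data: what the organization says its internal controls enforce.
CLAIMED_BOUNDARIES = [
    Boundary("user-lan", "10.0.2.10", 445, "deny"),   # SMB on the file server
    Boundary("user-lan", "10.0.2.10", 443, "allow"),  # HTTPS portal on the file server
    Boundary("user-lan", "10.0.3.5", 5432, "deny"),   # database from the user LAN
    Boundary("dmz", "10.0.3.5", 5432, "allow"),       # database from the DMZ app tier
    Boundary("dmz", "10.0.2.10", 443, "allow"),       # DMZ to the file server portal
]

# Constructed stand-in for the live network so the example runs offline:
# the (source segment, host, port) combinations that actually connect.
FAKE_REACHABLE = {
    ("user-lan", "10.0.2.10", 445),  # SMB reachable despite the "deny" claim
    ("user-lan", "10.0.2.10", 443),
    ("dmz", "10.0.3.5", 5432),
    # ("dmz", "10.0.2.10", 443) is absent: the claimed allow is actually blocked
}


def fake_probe(src_segment, host, port):
    """Offline replacement for tcp_probe driven by the constructed table above."""
    return (src_segment, host, port) in FAKE_REACHABLE


def run_example():
    """Run the verification against the constructed data and return the findings."""
    return verify_boundaries(CLAIMED_BOUNDARIES, probe=fake_probe)


if __name__ == "__main__":
    results = run_example()
    for f in results:
        print(f"{f['src']:>9} -> {f['dst']:<16} claimed={f['claimed']:<5} "
              f"observed={f['observed']:<5} {f['verdict']}")
    print(summarize(results))
```

On a real engagement the same loop is run with `tcp_probe` from a host inside each source segment, and the claim table grows to cover every trust the organization relies on (service accounts, host-based allow lists, shared credentials), with application-layer checks added where reachability alone does not prove a safeguard works.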