Validating ranges directly with the client promotes coverage while preventing out-of-scope testing. Automated discovery may include unrelated segments, relying on a public source can be outdated or incomplete, and performing a targeted DNS sweep alone risks missing segments that are not captured by name records.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to confirm the address blocks with the client during a security test?
Open an interactive chat with Bash
What could happen if automated host discovery is used without client confirmation?
Open an interactive chat with Bash
What are the limitations of using DNS sweeps or open databases for address validation?