Basic Concept: Modern penetration testing increasingly leverages AI to automate the reconnaissance, exploitation, and pivoting process. AI-assisted automated penetration testing can adapt its strategy based on previous results, simulating intelligent adversary behavior more realistically than static scripts. CompTIA SecAI+ covers AI-assisted offensive security techniques.
Why D is Correct: Automated penetration testing uses AI to systematically discover and attempt to exploit vulnerabilities while adapting tactics based on the results of previous attempts. The described behavior — looking at the current state, suggesting attack vectors, and adjusting based on outcomes — precisely describes an adaptive AI-driven penetration testing tool that iteratively explores the attack surface, mimicking how an advanced persistent threat would operate.
Why A is Wrong: Manual signature matching compares network traffic or files against a database of known threat signatures. It is a passive detection technique used by defensive tools like IDS/IPS, not an adaptive offensive technique for bypassing organizational boundaries.
Why B is Wrong: Code quality testing analyzes source code for bugs, vulnerabilities, and adherence to coding standards. It is a development quality assurance activity, not an offensive security technique for testing organizational security boundaries.
Why C is Wrong: Fraud detection uses ML to identify suspicious patterns in transactions or user behavior for defensive purposes. It is a preventive security measure, not an offensive technique for penetration testing.
Submit