A client asks a penetration tester to retest its network a week after the scheduled maintenance window. Which of the following is the client attempting to do?
A. Determine if the tester was proficient.
B. Test a new non-public-facing server for vulnerabilities.
A retest is a follow-up assessment where the penetration tester checks if the vulnerabilities found in the initial test have been fixed or mitigated by the client. A retest can provide many benefits, such as verifying the effectiveness of the remediation actions, showing improvement to internal or external stakeholders, and reducing the risk of future exploitation. A retest is usually performed after a certain period of time, which can be agreed upon in the rules of engagement or the statement of work. A week after the scheduled maintenance window is a reasonable time frame to allow the client to apply the necessary patches or configuration changes to their network. Therefore, the client is most likely attempting to test the efficacy of the remediation effort by asking for a retest.

References:
• The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 7: Reporting and Communication, pages 375-376.
• Is a Re-Test Included with a Penetration Test?