

To comply with a new regulation on external attacks, which test should an organization conduct?

  1. Conduct a white box penetration test

  2. Conduct a black box penetration test

  3. Perform a vulnerability assessment

  4. Execute a security audit

The correct answer is: Conduct a black box penetration test

In the context of preparing for external attacks, conducting a black box penetration test is highly beneficial. This type of test simulates a real-world attack scenario where the testers do not have any prior knowledge of the internal workings of the system being tested. It mirrors the perspective of an external threat actor trying to exploit vulnerabilities without any insider information.

The primary goal of a black box penetration test is to assess the organization's security posture from an outsider's vantage point, identifying vulnerabilities that could be exploited in an actual attack. This method is particularly valuable in understanding how an external attacker might approach breaching the organization's defenses and allows for a realistic evaluation of the effectiveness of existing security measures.

The other options do provide important security assessments but focus on different aspects. For instance, a white box penetration test involves having access to internal information, which might not align closely with evaluating exposure to external threats. A vulnerability assessment, while important, is generally broader and less hands-on than penetration testing; it identifies vulnerabilities but does not actively exploit them to test defenses. Lastly, executing a security audit is an overall review of policies and controls rather than specifically probing for vulnerabilities from the perspective of an external attacker. Each of these other assessments has its place in a comprehensive security strategy, but for