When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company’s contact with the cloud provider prevents any activities that would interfere with the cloud provider’s other customers.

When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
A . Crawling the web application’s URLs looking for vulnerabilities
B . Fingerprinting all the IP addresses of the application’s servers
C . Brute forcing the application’s passwords
D . Sending many web requests per second to test DDoS protection

View Answer

Answer: D