Which of the following describes the type of assessment that should be considered in this scope of work?

During a penetration testing engagement, a tester targets the internet-facing services used by the client.

Which of the following describes the type of assessment that should be considered in this scope of work?
A . Segmentation
B . Mobile
C . External
D . Web

View Answer

Answer: C

Explanation:

An external assessment focuses on testing the security of internet-facing services.

Here ’ s why option C is correct:

External Assessment: It involves evaluating the security posture of services exposed to the internet, such as web servers, mail servers, and other public-facing infrastructure. The goal is to identify vulnerabilities that could be exploited by attackers from outside the organization’s network. Segmentation: This type of assessment focuses on ensuring that different parts of a network are appropriately segmented to limit the spread of attacks. It’s more relevant to internal network architecture.

Mobile: This assessment targets mobile applications and devices, not general internet-facing services.

Web: While web assessments focus on web applications, the scope of an external assessment is broader and includes all types of internet-facing services.

Reference from Pentest:

Horizontall HTB: Highlights the importance of assessing external services to identify vulnerabilities that could be exploited from outside the network​.

Luke HTB: Demonstrates the process of evaluating public-facing services to ensure their security.

Conclusion:

Option C, External, is the most appropriate type of assessment for targeting internet-facing services used by the client.