Attack Surface — CompTIA PenTest+ (PT0-002) Practice Questions
The attack surface encompasses all of the exposed entry points an adversary could potentially exploit, including open ports, web applications, email systems, and human targets such as employees susceptible to phishing. PT0-002 requires candidates to systematically enumerate and document the attack surface as part of the scoping and reconnaissance phases before any active exploitation begins. Reducing and understanding the attack surface is central to both the tester's planning process and the remediation recommendations delivered in the final report.
Free questions on attack surface
A company is concerned about their exposed attack surface. Which of the following is NOT part of the external attack surface?
Free question · medium · full answer + explanation
More attack surface questions in the full bank
- During application testing, you need to identify and test all input fields. Which approach is comprehensive?
- What is API versioning exploitation?
- How can API version endpoints be exploited?