A company is concerned about their exposed attack surface. Which of the following is NOT part of the external attack surface?

  A. Publicly accessible web applications
  B. DNS records and domain registrations
  C. Internal network shares accessible only to authenticated employees ✓
  D. Internet-facing mail servers

Correct answer: Internal network shares accessible only to authenticated employees

Option C is correct because internal network shares that are only accessible to authenticated employees are part of the internal attack surface, not the external one; the external attack surface consists only of assets reachable from the internet without internal network access. Option A is wrong because publicly accessible web applications are by definition externally reachable and are a primary component of the external attack surface. Option B is wrong because DNS records and domain registrations are publicly visible and can reveal subdomains, mail servers, and infrastructure details that attackers enumerate during external reconnaissance. Option D is wrong because internet-facing mail servers are directly reachable from the public internet and are a well-known external attack surface target.

Topic: attack surface, external reconnaissance, pentest+, network security

Practice CompTIA PenTest+ (PT0-002) Questions Free