5 votes
You have been hired as a penetration tester by an organization that wants you to conduct a risk assessment of their DMZ. The company-provided rules of engagement state that you must do all penetration testing from an external IP address without being given any prior knowledge of the internal IT system architecture. What kind of penetration test have you been hired to perform?

by User Dragomirik (7.6k points)

1 Answer

5 votes

Final answer:

You have been hired to conduct a black-box penetration test on an organization's DMZ, simulating an external attacker with no prior knowledge of the internal systems.

Step-by-step explanation:

You have been hired to perform a black-box penetration test on an organization's DMZ (demilitarized zone). In a black-box test, the penetration tester starts without any knowledge of the internal systems and must discover and exploit vulnerabilities from an external position, just as a real-world attacker would. This approach simulates an attack by external hackers who have no prior knowledge of the system. During your assessment, you will need to identify the services, systems, and potential vulnerabilities existing within the DMZ, and exploit these to assess the risk they might pose to the company.

by User Ojdo (8.1k points)