Exam PT0-002 topic 1 question 84 discussion

B. Bandwidth limitations as this could affect the legacy equipment that will be scanned.

D. Testing a firewall to see what ports are open not penetrating the firewall. Use ack or fin scan.

This came from ChatGPT: A full port scan and OS discovery using aggressive techniques (e.g., SYN scan, service version probing) could cause instability or crashes on old systems.

D. The type of scan. Before running a penetration test, especially on a network with decades-old legacy systems, the tester must carefully choose the type of scan to avoid unintended disruptions. Some older systems might be highly sensitive to aggressive scanning techniques (e.g., full port scans with SYN/FIN packets or deep OS fingerprinting), potentially causing system crashes or network instability.

Isn't the point of this scan is to "identify all the systems"? So option C is what you want to know.

The inventory of assets is helpful, but the type of scan is what directly impacts the safety of legacy systems during a penetration test. You must choose a non-intrusive scan type to prevent crashes or disruptions. CompTIA exams prioritize minimizing disruption in sensitive environments. Therefore, D. The type of scan directly addresses the need to protect legacy systems from harm during testing.

C. Knowing the inventory helps the tester avoid direct interactions with legacy systems, thereby protecting them from unnecessary risk. Although bandwidth is a legitimate concern, having a proper inventory provides a more strategic solution by enabling selective testing and avoiding high-risk systems altogether.

This is a hard one, as all of these need consideration. Timing is essential in any scan, not any more or less important on legacy systems. Bandwidth is the same. If you're just scanning, and you are, then they should be able to support a scan. The type of scan is important, particularly if you're trying to get into the legacy systems to retrieve info (i.e. SNMP vs SSH or in the clear vs encrypted, blah, blah....). The inventory, though, may be the most important. Inventory is the MOST important though, because it says assets and versions. Remember, the CISO wants to test the security of the new firewall, not the vulnerability of the legacy systems. So, with a proper inventory (to include IP's), you could exclude those IP addresses and test the firewall without affecting the legacy systems at all.

You'd be surprised how many people still run on 4x1 or less.

The keyword here is "decades-old legacy systems"

" a subnetwork on which many decades- old legacy systems are connected. " Sometimes CompTIA is generous is giving us a big fat clue as to what the answer is. They said "many decades old" I am old enough to remember when 10mb Ethernet was a lot of bandwidth. Again, "decades old". Answer is B bandwidth limitations.

A: Possible B: Unlikely as even old systems with let's say 10mbit Lan should be able to weather a port scan C: The description say we want to discover so using the inventory is an unlikely solution D. The type of scan: The type of scan (e.g., aggressive, stealth, non-intrusive) can significantly impact network systems. Aggressive scans are more thorough but can be more disruptive, especially to older systems. Non-intrusive scans are less likely to cause disruptions but might not provide as detailed information. Choosing the right type of scan for the environment is crucial.

inventory, then consider they type of scan that is safe to use on the legacy system

The most crucial to the penetration tester would be the inventory of assets and versions so they don't break the system (worse than breaking the business for a LIMITED time)

When dealing with older legacy systems, there are specific concerns that a penetration tester must take into account before running a scan. Legacy systems might not be as robust as modern systems, and they could be more sensitive to certain types of scans. Among the given options, B. The bandwidth limitations is a critical consideration. Many older systems may not handle high levels of network traffic very well, and a full port scan or OS discovery can generate a significant amount of traffic. This could potentially lead to issues such as network slowdowns or even crashes of the legacy systems. So, the penetration tester should understand the bandwidth limitations and carefully plan the scan to ensure that it doesn't inadvertently cause problems with the systems they are trying to evaluate. This consideration helps ensure that the test doesn't disrupt normal operations or damage the systems themselves.

The correct answer is C. The inventory of assets and versions. Before running a scan, the penetration tester should consider the inventory of assets and versions of the systems on the subnetwork. Legacy systems can have different vulnerabilities and security issues compared to modern systems. Understanding the inventory of assets will help the tester focus on identifying potential risks specific to the legacy systems. While the other options (A, B, and D) are important considerations in penetration testing, they are not directly related to evaluating legacy systems' security.

C. The inventory of assets and versions. Understanding the inventory of assets and their associated versions is crucial before conducting a scan. This information helps the penetration tester identify the legacy systems and their specific characteristics, including potential vulnerabilities that may be present in outdated or unsupported software or hardware. By having a clear inventory, the penetration tester can tailor the scan to focus on the specific systems and versions present in the subnetwork, ensuring a more targeted and accurate assessment.