Why might a tester review open job postings for a target organization?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Why might a tester review open job postings for a target organization?

Explanation:
Reviewing open job postings is about gathering publicly available information to infer the target’s technology stack and deployment practices. Job ads often list the platforms and tools teams use—cloud providers (AWS, Azure, GCP), container platforms (Kubernetes, Docker), configuration and provisioning tools (Terraform, Ansible), CI/CD pipelines (Jenkins, GitLab CI), and security tooling (SIEMs, vulnerability scanners). They may also mention languages, databases, and middleware. This helps the tester build an internal map of the organization’s infrastructure, focusing reconnaissance and validation on likely technologies and configurations, which improves the accuracy of an engagement’s attack surface assessment.

Other options don’t fit as well because legal constraints are not typically described in job postings, source code isn’t exposed through listings, and CEO contact information isn’t the purpose of this OSINT activity.
