Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Red teams specialize in offensive security testing, simulating attacks to identify vulnerabilities in systems and applications. Their primary goal is to mimic the tactics of real-world attackers, focusing solely on finding weaknesses without addressing defensive strategies or response mechanisms. Thus, they do not cover the defensive aspect necessary for a comprehensive security approach.

Blue teams are responsible for defensive security measures, working to protect an organization by monitoring, detecting, and responding to security threats. While they excel at strengthening defenses and responding to attacks, they do not engage in offensive testing techniques, which limits their perspective on potential vulnerabilities and attack vectors.

Yellow teams are not a standard designation in security testing practices and do not specifically refer to any established methodology that combines offensive and defensive techniques. As such, they lack recognition and defined roles within the security domain, making this choice irrelevant for the question posed.