An IS auditor doing penetration testing during an audit of internet connections would:
A. evaluate configurations.
B. examine security settings.
C. ensure virus-scanning software is in use.
D. use tools and techniques available to a hacker.
Explanation:
Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using tools and techniques available to a hacker. The other choices are procedures that an IS auditor would consider undertaking during an audit of Internet connections, but are not aspects of penetration testing techniques.
Answer A. An IS Auditor has to evaluate configurations. It is vital to check the lists of users' permissions for access to the internet to match the users/staff allowed to access the same based upon the corporate policy.
—
Ans B – An IS Auditor, once evaluating the config, would come across the Sec setting, which would be highlighted in the Audit report.
Ans C – It is not the IS Auditor's duty to ensure, but to find out whether such antivirus mentioned in the Sec Policy is in place.
Ans D – An IS auditor may resort to hacking tools in the conduct of his pentest.