An IS auditor doing penetration testing during an audit of internet connections would:

A. evaluate configurations.

B. examine security settings.

C. ensure virus-scanning software is in use.

D. use tools and techniques available to a hacker.

Explanation:

Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using tools and techniques available to a hacker. The other choices are procedures that an IS auditor would consider undertaking during an audit of Internet connections, but are not aspects of penetration testing techniques.