PrepAway - Latest Free Exam Questions & Answers

Management can expect penetration tests to provide all of the following EXCEPT

A. identification of security flaws

B. demonstration of the effects of the flaws

C. a method to correct the security flaws

D. verification of the levels of existing infiltration resistance

Explanation:
Not B: It is not the objective of the pen tester to supply a method on how to correct the flaws. In fact,
management may decide to accept the risk and not repair the flaw. Pen testers may be able to
demonstrate the effects of a flaw – especially if they manage to clobber a system!

"Penetration testing is a set of procedures designed to test and possibly bypass security controls of a
system. Its goal is to measure an organization’s resistance to an attack and to uncover any
weaknesses within the environment…The result of a penetration test is a report given to
management describing the list of vulnerabilities that were identified and the severity of those
vulnerabilities. From here, it is up to management to determine how the vulnerabilities are dealt
with and what countermeasures are implemented." – Shon Harris, All-in-one CISSP Certification
Guide, pg 837-839
