PrepAway - Latest Free Exam Questions & Answers

What kind of test should be recommended?

Your company has hired a third party company to conduct a penetration test. Your CIO would like to know if exploitation of critical business systems is possible. The two requirements the company has are:

(1) The tests will be conducted on live, business functional networks. These networks must be functional in order for business to run and cannot be shut down, even for an evaluation.
(2) The company wants the most in depth test possible.

What kind of test should be recommended?

PrepAway - Latest Free Exam Questions & Answers

A.
Zero knowledge

B.
Partial knowledge

C.
Full knowledge

D.
Vulnerability testing

Explanation:
C is the correct answer because the customer wants a full evaluation but is worried because of the importance of the network. Because the customer wants as full of an evaluation as possible but does not want the network in any kind of jeopardy, a full knowledge assessment is necessary because only a full knowledge assessment will allow for the most indepth analysis with the least amount of risk to the network.

Incorrect Answers and Explanations: A, B, and D: A is incorrect because a zero knowledge test will not produce the most in-depth assessment of the network. B is incorrect because a partial knowledge test, although better than zero knowledge, still will not produce the necessary assessment. D is incorrect because vulnerability testing does not exploit systems, which is a requirement of the test.


Leave a Reply