PrepAway - Latest Free Exam Questions & Answers

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate
resources?

A. They are more cost-effective

B. They offer a lack of corporate bias

C. They use highly talented ex-hackers

D. They ensure a more complete reporting

Explanation:
Two points are important to consider when it comes to ethical hacking: integrity and independence.
By not using an ethical hacking firm that hires or subcontracts to ex-hackers or others who have criminal
records, an entire subset of risks can be avoided by an organization. Also, it is not cost-effective for a single
firm to fund the effort of the ongoing research and development, systems development, and maintenance that
is needed to operate state-of-the-art proprietary and open source testing tools and techniques.
External penetration firms are more effective than internal penetration testers because they are not influenced
by any previous system security decisions, knowledge of the current system environment, or future system
security plans. Moreover, an employee performing penetration testing might be reluctant to fully report security
gaps.
Incorrect Answers:
A: External penetration service firms are more cost-effective than using corporate resources for penetration
testing. This is a valid reason to use external penetration service firms.
B: External penetration service firms do offer a lack of corporate bias compared to corporate resources. This is
a valid reason to use external penetration service firms.
D: External penetration service firms do tend to ensure more complete reporting than corporate resources. This
is a valid reason to use external penetration service firms.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, New York, 2001, p. 517

