Which of the following is a penetration testing method?
A.
Searching the WHOIS database for administrator contact information
B.
Running a port scanner against the target’s network
C.
War driving from a target’s parking lot to footprint the wireless network
D.
Calling the target’s helpdesk, requesting a password reset
Explanation:
A penetration test is a proactive and authorized attempt to evaluate the security of an IT
infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and
application flaws, improper configurations, and even risky end-user behavior. Such assessments
are also useful in validating the efficacy of defensive mechanisms, as well as end-users’
adherence to security policies.
Penetration testing evaluates an organization’s ability to protect its networks, applications,endpoints and users from external or internal attempts to circumvent its security controls to gain
unauthorized or privileged access to protected assets. Test results validate the risk posed by
specific security vulnerabilities or flawed processes, enabling IT management and security
professionals to prioritize remediation efforts. By embracing more frequent and comprehensive
penetration testing, organizations can more effectively anticipate emerging security risks and
prevent unauthorized access to critical systems and valuable information.
Penetration tests are not always technically clever attempts to access a network. By calling the
target’s helpdesk and requesting a password reset, if they reset the password without requiring
proof that you are authorized to request a password change, you can easily gain access to the
network.