Which of the following is a penetration testing method?
Searching the WHOIS database for administrator contact information
Running a port scanner against the target’s network
War driving from a target’s parking lot to footprint the wireless network
Calling the target’s helpdesk, requesting a password reset

A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely
attempting to exploit system vulnerabilities, including OS, service and application flaws, improper
configurations, and even risky end-user behavior. Such assessments are also useful in validating the efficacy of
defensive mechanisms, as well as end-users’ adherence to security policies.

Penetration testing evaluates an organization’s ability to protect its networks, applications, endpoints and users
from external or internal attempts to circumvent its security controls to gain unauthorized or privileged access to
protected assets. Test results validate the risk posed by specific security vulnerabilities or flawed processes,
enabling IT management and security professionals to prioritize remediation efforts. By embracing more
frequent and comprehensive penetration testing, organizations can more effectively anticipate emerging
security risks and prevent unauthorized access to critical systems and valuable information.

Penetration tests are not always technically clever attempts to access a network. Calling the target’s
helpdesk and requesting a password reset is one example: if the helpdesk resets the password without requiring
proof that you are authorized to request a password change, you can easily gain access to the network.