A security program manager wants to actively test the security posture of a system. The system is not yet
in production and has no uptime requirement or active user base. Which of the following methods will
produce a report which shows vulnerabilities that were actually exploited?

A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing
It is C, not D.
Agreed. “Actively test” is the giveaway.
D is correct, it talks about vulnerability testing not scanning, so it is active testing on known vulnerabilities.
Penetration testing is designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. Since “The system is not yet in production” it looks to me the correct answer is Vulnerability testing. Tricky question I could be wrong. 🙂 Good Luck!
The last part of the question says “vulnerabilities that were actually exploited”
Vulnerability testing doesn’t actually exploit the found vulnerability, whereas penetration testing would.
I agree with player1. It is Pen test where vulns were exploited.