A security program manager wants to actively test the security posture of a system. The system is
not yet in production and has no uptime requirement or active user base. Which of the following
methods will produce a report which shows vulnerabilities that were actually exploited?

A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing
“Actively test” is not passive, so it cannot be vulnerability testing. Pen tests produce a report of which vulnerability was exploited by the pen test.
“shows vulnerabilities that were actually exploited” => Pen testing
https://www.coresecurity.com/penetration-testing-overview
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.
True, a pen test exploits the vulnerabilities. It doesn’t matter if it’s on production or development.
I think the keywords are “not yet in production”. Penetration tests are always performed in a production environment.
Pen tests can be performed on any environment. The key point is that a pen test simulates an actual attack. Pen testing is external security testing conducted from outside the organization’s security perimeter. It involves an active analysis for many potential vulnerabilities, with the attack only being limited by the ‘rules of engagement’, or the scope of work.
Whether the environment is development, QA, production, or anything else is not relevant.
Best wishes to all on the exam.
A pen test can be deployed in a sandbox, Jeremy.