Which of the following statements regarding ethical hacking is incorrect?
A.
Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an
organization’s systems.
B.
Testing should be remotely performed offsite.
C.
An organization should use ethical hackers who do not sell vendor hardware/software or other consulting
services.
D.
Ethical hacking should not involve writing to or modifying the target systems.
Explanation:
Ethical hackers use the same methods and techniques, including those that have the potential of exploiting
vulnerabilities, to test and bypass a system’s defenses as their less-principled counterparts, but rather than
taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix
them so the organization can improve its overall security.
http://searchsecurity.techtarget.com/definition/ethical-hacker
Shouldn’t his be D since they use the same methods?
Answer should be A (Question is looking for incorrect answer)
This is about the C. An ‘IT Security’ guy may provide other IT services to her/his other clients. I think it is all about Ethics. When Pen Testing Reporting is standardized why to worry about the tester.This sort of things should go off.