An IS auditor doing penetration testing during an audit of internet connections would:

A.
evaluate configurations.

B.
examine security settings.

C.
ensure virus-scanning software is in use.

D.
use tools and techniques available to a hacker.

Explanation:
Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using tools and
techniques available to a hacker. The other choices are procedures that an IS auditor would consider
undertaking during an audit of Internet connections, but are not aspects of penetration testing techniques.