An IS auditor doing penetration testing during an audit of internet connections would:

A.
evaluate configurations.

B.
examine security settings.

C.
ensure virus-scanning software is in use.

D.
use tools and techniques available to a hacker.

Explanation:
Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using
tools and techniques available to a hacker. The other choices are procedures that an IS auditor
would consider undertaking during an audit of Internet connections, but are not aspects of
penetration testing techniques.