PrepAway - Latest Free Exam Questions & Answers

Which of the following processes will you involve to perform the active analysis of the system for
any potential vulnerabilities that may result from poor or improper system configuration, known
and/or unknown hardware or software flaws, or operational weaknesses in process or technical
countermeasures?

A. Penetration testing

B. Baselining

C. Risk analysis

D. Compliance checking

Explanation:
Penetration testing is a method of evaluating the security of a computer system or
network by simulating an attack from a malicious source. The process involves an active analysis
of the system for any potential vulnerabilities that may result from poor or improper system
configuration, known or unknown hardware or software flaws, or operational weaknesses in
process or technical countermeasures. This analysis is carried out from the position of a potential
attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are
found will be presented to the system owner together with an assessment of their impact and often
with a proposal for mitigation or a technical solution. The intent of a penetration test is to
determine feasibility of an attack and the amount of business impact of a successful exploit, if
science of risks and their probability and evaluation in a business or a process. It is an important
factor in security enhancement and prevention in a system. Risk analysis should be performed as
part of the risk management process for each project. The outcome of the risk analysis would be
the creation or review of the risk register to identify and quantify risk elements to the project and
safeguards and controls to verify whether the entity is complying with particular procedures, rules
or not. It includes the inspection of operational systems to guarantee that hardware and software
controls have been correctly implemented and maintained. Compliance checking covers
activities such as penetration testing and vulnerability assessments. Compliance checking must be

Baselining is a method for analyzing the performance of computer networks. The method is
marked by comparing the current performance to a historical metric, or “baseline”. For example, if
a user measured the performance of a network switch over a period of time, he could use that
performance figure as a comparative baseline if he made a configuration change to the switch.

