312-50V10 · Question #683
"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.
The correct answer is B. Penetration Testing. Penetration testing is the practice of simulating real-world attacks by using the same tools and techniques that malicious actors use to identify exploitable weaknesses.
Question
"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.
Options
- AVulnerability Scanning
- BPenetration Testing
- CSecurity Policy Implementation
- DDesigning Network Security
How the community answered
(22 responses)- B95% (21)
- C5% (1)
Why each option
Penetration testing is the practice of simulating real-world attacks by using the same tools and techniques that malicious actors use to identify exploitable weaknesses.
Vulnerability scanning only identifies and catalogues potential weaknesses using automated tools but does not attempt to exploit them using attacker techniques.
Penetration testing is formally defined as a security assessment that mimics attacker methodologies, including reconnaissance, exploitation, and post-exploitation, to discover vulnerabilities before adversaries do. Unlike passive assessments, it involves active exploitation attempts using the same tools an attacker would use. This distinguishes it from all other listed options.
Security policy implementation refers to the process of defining and enforcing organizational rules and controls, not to active attack simulation.
Designing network security is a planning and architecture activity focused on building defenses, not on testing them using adversarial methods.
Concept tested: Definition of penetration testing vs. other assessments
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.