312-50V10 · Question #767
Which of the following statements regarding ethical hacking is incorrect?
The correct answer is B. Ethical hackers should never use tools or methods that have the potential of exploiting. Statement B is incorrect because ethical hackers must be permitted to use exploitation tools and techniques - that is the core purpose of authorized penetration testing. The remaining statements accurately describe legitimate ethical hacking principles.
Question
Which of the following statements regarding ethical hacking is incorrect?
Options
- AAn organization should use ethical hackers who do not sell vendor hardware/software or other
- BEthical hackers should never use tools or methods that have the potential of exploiting
- CEthical hacking should not involve writing to or modifying the target systems.
- DTesting should be remotely performed offsite.
How the community answered
(48 responses)- A6% (3)
- B88% (42)
- C2% (1)
- D4% (2)
Why each option
Statement B is incorrect because ethical hackers must be permitted to use exploitation tools and techniques - that is the core purpose of authorized penetration testing. The remaining statements accurately describe legitimate ethical hacking principles.
This statement is correct - ethical hackers should be free of conflicts of interest, including financial ties to vendors whose products are being assessed, to ensure objectivity.
This statement is incorrect because ethical hackers are explicitly authorized - and required - to use the same offensive tools, exploits, and techniques that real-world attackers use in order to accurately simulate threats and uncover genuine vulnerabilities. Prohibiting the use of exploitative tools would make penetration testing superficial and ineffective, leaving real security gaps undiscovered.
This statement is correct - ethical hacking engagements are designed to be non-destructive, and writing to or modifying target systems goes beyond authorized scope unless explicitly permitted.
This statement is correct - remote offsite testing is a widely accepted and common practice in ethical hacking engagements and does not violate any ethical hacking principle.
Concept tested: Ethical hacking principles and penetration testing scope
Topics
Community Discussion
No community discussion yet for this question.