nerdexam
EC-Council

312-50V10 · Question #767

Which of the following statements regarding ethical hacking is incorrect?

The correct answer is B. Ethical hackers should never use tools or methods that have the potential of exploiting. Statement B is incorrect because ethical hackers must be permitted to use exploitation tools and techniques - that is the core purpose of authorized penetration testing. The remaining statements accurately describe legitimate ethical hacking principles.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following statements regarding ethical hacking is incorrect?

Options

  • AAn organization should use ethical hackers who do not sell vendor hardware/software or other
  • BEthical hackers should never use tools or methods that have the potential of exploiting
  • CEthical hacking should not involve writing to or modifying the target systems.
  • DTesting should be remotely performed offsite.

How the community answered

(48 responses)
  • A
    6% (3)
  • B
    88% (42)
  • C
    2% (1)
  • D
    4% (2)

Why each option

Statement B is incorrect because ethical hackers must be permitted to use exploitation tools and techniques - that is the core purpose of authorized penetration testing. The remaining statements accurately describe legitimate ethical hacking principles.

AAn organization should use ethical hackers who do not sell vendor hardware/software or other

This statement is correct - ethical hackers should be free of conflicts of interest, including financial ties to vendors whose products are being assessed, to ensure objectivity.

BEthical hackers should never use tools or methods that have the potential of exploitingCorrect

This statement is incorrect because ethical hackers are explicitly authorized - and required - to use the same offensive tools, exploits, and techniques that real-world attackers use in order to accurately simulate threats and uncover genuine vulnerabilities. Prohibiting the use of exploitative tools would make penetration testing superficial and ineffective, leaving real security gaps undiscovered.

CEthical hacking should not involve writing to or modifying the target systems.

This statement is correct - ethical hacking engagements are designed to be non-destructive, and writing to or modifying target systems goes beyond authorized scope unless explicitly permitted.

DTesting should be remotely performed offsite.

This statement is correct - remote offsite testing is a widely accepted and common practice in ethical hacking engagements and does not violate any ethical hacking principle.

Concept tested: Ethical hacking principles and penetration testing scope

Topics

#ethical hacking principles#penetration testing ethics#authorized testing#exploit tools

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice