312-50V11 · Question #683
"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.
The correct answer is B. Penetration Testing. Penetration testing is an authorized security assessment where testers actively attack systems using the same real-world methodologies and tools that malicious actors use to identify exploitable weaknesses.
Question
"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.
Options
- AVulnerability Scanning
- BPenetration Testing
- CSecurity Policy Implementation
- DDesigning Network Security
How the community answered
(45 responses)- A2% (1)
- B89% (40)
- C7% (3)
- D2% (1)
Why each option
Penetration testing is an authorized security assessment where testers actively attack systems using the same real-world methodologies and tools that malicious actors use to identify exploitable weaknesses.
Vulnerability scanning is an automated process that identifies known weaknesses using predefined signatures and checks, but does not actively exploit vulnerabilities or replicate attacker techniques.
Penetration testing involves skilled testers who simulate adversarial attacks by using actual attacker tools such as exploit frameworks, port scanners, and credential attacks against a target system with explicit authorization. This mirrors real threat actor behavior and provides organizations with concrete evidence of what a genuine breach attempt would look like, going beyond passive scanning to active exploitation.
Security policy implementation refers to enforcing documented organizational security rules and controls, which is an administrative activity unrelated to active adversarial testing.
Designing network security involves planning and architecting security controls and topologies, which is a proactive engineering activity rather than an adversarial testing methodology.
Concept tested: Definition and scope of penetration testing methodology
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.