312-50V9 · Question #593
"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.
The correct answer is B. Penetration Testing. The statement - testing a network using attacker methodologies and tools - is the definition of penetration testing, distinguishing it from passive or automated assessment approaches.
Question
"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.
Options
- AVulnerability Scanning
- BPenetration Testing
- CSecurity Policy Implementation
- DDesigning Network Security
How the community answered
(51 responses)- A2% (1)
- B94% (48)
- D4% (2)
Why each option
The statement - testing a network using attacker methodologies and tools - is the definition of penetration testing, distinguishing it from passive or automated assessment approaches.
Vulnerability scanning is an automated, non-exploitative process that identifies known weaknesses through probing, without actively employing attacker tools or attempting to exploit findings.
Penetration testing is formally defined as the authorized simulation of real-world attacks against a system or network using the same tools, techniques, and procedures employed by malicious threat actors. Unlike passive scanning, penetration testing actively attempts exploitation to confirm whether vulnerabilities are genuinely exploitable and to measure real security posture. The phrase 'same methodologies and tools employed by attackers' is the core differentiator that defines penetration testing over all other assessment types.
Security policy implementation involves developing and enforcing organizational rules and standards, not actively testing systems with offensive techniques.
Designing network security refers to the planning and architectural phase of building secure infrastructure, which is a proactive design activity rather than adversarial testing.
Concept tested: Penetration testing definition vs vulnerability scanning and other assessments
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.