CAP · Question #31
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?
The correct answer is C. Penetration test. A penetration test (pen test) is an authorized, simulated cyberattack where assessors actively attempt to exploit vulnerabilities and circumvent security controls using all available documentation and tools with minimal restrictions. Unlike a walk-through test (which traces proce
Question
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?
Options
- AFull operational test
- BWalk-through test
- CPenetration test
- DPaper test
How the community answered
(47 responses)- B4% (2)
- C94% (44)
- D2% (1)
Explanation
A penetration test (pen test) is an authorized, simulated cyberattack where assessors actively attempt to exploit vulnerabilities and circumvent security controls using all available documentation and tools with minimal restrictions. Unlike a walk-through test (which traces procedures step-by-step without live exploitation), a paper test (purely document-based review), or a full operational test (which evaluates system operations under normal conditions), a penetration test specifically focuses on actively breaking through security defenses to identify real-world weaknesses before malicious actors do.
Topics
Community Discussion
No community discussion yet for this question.