nerdexam
(ISC)2

CAP · Question #69

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

The correct answer is B. Penetration test. A Penetration Test (B) is the methodology where assessors (ethical hackers) are given full access to documentation (full-knowledge or white-box variant) or operate with no constraints, and actively attempt to exploit and circumvent security controls to simulate a real attack. Thi

Assessment/Audit of Security and Privacy Controls

Question

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

Options

  • AFull operational test
  • BPenetration test
  • CPaper test
  • DWalk-through test

How the community answered

(14 responses)
  • A
    7% (1)
  • B
    93% (13)

Explanation

A Penetration Test (B) is the methodology where assessors (ethical hackers) are given full access to documentation (full-knowledge or white-box variant) or operate with no constraints, and actively attempt to exploit and circumvent security controls to simulate a real attack. This goes beyond review - it involves actual attack attempts against live systems. A Paper Test (C) reviews documentation only with no live system interaction. A Walk-Through Test (D) walks through procedures with stakeholders but does not exploit systems. A Full Operational Test assesses system performance under operational conditions, not adversarial security circumvention.

Topics

#Penetration Testing#Security Assessment#Testing Methodologies#Vulnerability Exploitation

Community Discussion

No community discussion yet for this question.

Full CAP Practice