CAP · Question #69
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?
The correct answer is B. Penetration test. A Penetration Test (B) is the methodology where assessors (ethical hackers) are given full access to documentation (full-knowledge or white-box variant) or operate with no constraints, and actively attempt to exploit and circumvent security controls to simulate a real attack. Thi
Question
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?
Options
- AFull operational test
- BPenetration test
- CPaper test
- DWalk-through test
How the community answered
(14 responses)- A7% (1)
- B93% (13)
Explanation
A Penetration Test (B) is the methodology where assessors (ethical hackers) are given full access to documentation (full-knowledge or white-box variant) or operate with no constraints, and actively attempt to exploit and circumvent security controls to simulate a real attack. This goes beyond review - it involves actual attack attempts against live systems. A Paper Test (C) reviews documentation only with no live system interaction. A Walk-Through Test (D) walks through procedures with stakeholders but does not exploit systems. A Full Operational Test assesses system performance under operational conditions, not adversarial security circumvention.
Topics
Community Discussion
No community discussion yet for this question.