CISSP-ISSMP · Question #138
Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?
The correct answer is A. Penetration testing. Penetration Testing (pen testing) is specifically designed to simulate real-world attacks by adopting the perspective of a malicious threat actor. Testers actively attempt to exploit vulnerabilities to identify failures in security controls and protection schemes - providing empi
Question
Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?
Options
- APenetration testing
- BOn-site interviews
- CSecurity Test and Evaluation (ST&E)
- DAutomated vulnerability scanning tool
How the community answered
(21 responses)- A90% (19)
- C5% (1)
- D5% (1)
Explanation
Penetration Testing (pen testing) is specifically designed to simulate real-world attacks by adopting the perspective of a malicious threat actor. Testers actively attempt to exploit vulnerabilities to identify failures in security controls and protection schemes - providing empirical evidence of what an attacker could actually achieve. On-site interviews (B) gather information from personnel but involve no active exploitation. Security Test and Evaluation (ST&E) (C) is a broader, structured assessment of security controls that may not involve simulated attacks. Automated vulnerability scanning (D) identifies known vulnerabilities passively but does not actively exploit them the way penetration testing does.
Topics
Community Discussion
No community discussion yet for this question.