CISSP · Question #705
A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of acti
The correct answer is D. With notice to the organization, perform an external penetration test first, then an internal test.. Security best practice is to start with an external penetration test because it simulates how an outside attacker would first attempt to breach the organization’s perimeter (firewalls, public‑facing servers, VPNs, etc.). Once external findings are understood and remediated, an in
Question
A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?
Options
- AReview data localization requirements and regulations.
- BReview corporate security policies and procedures,
- CWith notice to the Configuring a Wireless Access Point (WAP) with the same Service Set
- DWith notice to the organization, perform an external penetration test first, then an internal test.
How the community answered
(34 responses)- A3% (1)
- B18% (6)
- C9% (3)
- D71% (24)
Explanation
Security best practice is to start with an external penetration test because it simulates how an outside attacker would first attempt to breach the organization’s perimeter (firewalls, public‑facing servers, VPNs, etc.). Once external findings are understood and remediated, an internal penetration test can then assess what an attacker could do if they gained a foothold inside the network, such as privilege escalation and lateral movement.
Topics
Community Discussion
No community discussion yet for this question.