CSSLP Question #113: Real Exam Question with Answer & Explanation
The correct answer is A: Kernel flaws.
Question
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.
Options
- A. Kernel flaws
- B. Information system architectures
- C. Race conditions
- D. File and directory permissions
- E. Buffer overflows
- F. Trojan horses
- G. Social engineering
Explanation
Penetration tests aim to uncover vulnerabilities across various domains, including low-level operating system flaws, software design defects, configuration weaknesses, user behavior, and the presence of malicious software. This comprehensive approach identifies exploitable weaknesses from technical to human elements.
Common mistakes.
- B. Information system architectures describe the design and structure of systems. While architectural flaws can lead to vulnerabilities, the architecture itself is not an exploitable 'area' in the same direct sense as the other choices; it is the blueprint that might contain design weaknesses, which then manifest as exploitable flaws in components.
Concept tested. Penetration testing scope and targets
Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final