GSLC Question #70: Real Exam Question with Answer & Explanation

The correct answer is D. Simulating an actual attack on a network. Penetration testing is the practice of actively simulating real-world attacks against a system or network in an authorized, controlled manner to identify exploitable vulnerabilities.

Question

Which of the following is an example of penetration testing?

Options

  • A. Implementing HIDS on a computer
  • B. Implementing NIDS on a network
  • C. Configuring firewall to block unauthorized traffic
  • D. Simulating an actual attack on a network

Explanation

Penetration testing is the practice of actively simulating real-world attacks against a system or network in an authorized, controlled manner to identify exploitable vulnerabilities.

Common mistakes.

  • A. Implementing a Host Intrusion Detection System (HIDS) is a defensive monitoring control that detects suspicious activity on a host, not an active simulation of an attack.
  • B. Implementing a Network Intrusion Detection System (NIDS) is a passive detective control that identifies intrusions in progress, not a proactive penetration test.
  • C. Configuring a firewall to block unauthorized traffic is a preventive security control and not an activity that simulates an attacker attempting to compromise a network.

Concept tested. Definition and purpose of penetration testing

Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final
