CompTIA
SY0-301 · Question #328
SY0-301 Question #328: Real Exam Question with Answer & Explanation
The correct answer is D: Penetration testing. Penetration testing is the most intrusive form of testing because it actively exploits vulnerabilities on live production systems using real attack techniques, risking service disruption.
Question
Which of the following is the MOST intrusive type of testing against a production system?
Options
- A. White box testing
- B. War dialing
- C. Vulnerability testing
- D. Penetration testing
Explanation
Penetration testing is the most intrusive form of testing because it actively exploits vulnerabilities on live production systems using real attack techniques, risking service disruption.
Common mistakes.
- A. White box testing describes the level of knowledge given to the tester (full internal access) rather than the intrusiveness of the test method, and it is not inherently more disruptive than active exploitation.
- B. War dialing involves scanning phone numbers for connected modems and is far less intrusive than actively exploiting vulnerabilities on production systems.
- C. Vulnerability testing identifies and catalogs potential weaknesses without actively attempting to exploit them, making it less intrusive than penetration testing.
Concept tested. Penetration testing intrusiveness compared to other test types
Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final