nerdexam
CompTIA

SY0-301 · Question #328

Which of the following is the MOST intrusive type of testing against a production system?

The correct answer is D. Penetration testing. Penetration testing is the most intrusive form of testing because it actively exploits vulnerabilities on live production systems using real attack techniques, risking service disruption.

Security operations

Question

Which of the following is the MOST intrusive type of testing against a production system?

Options

  • AWhite box testing
  • BWar dialing
  • CVulnerability testing
  • DPenetration testing

How the community answered

(40 responses)
  • A
    5% (2)
  • C
    3% (1)
  • D
    93% (37)

Why each option

Penetration testing is the most intrusive form of testing because it actively exploits vulnerabilities on live production systems using real attack techniques, risking service disruption.

AWhite box testing

White box testing describes the level of knowledge given to the tester (full internal access) rather than the intrusiveness of the test method, and it is not inherently more disruptive than active exploitation.

BWar dialing

War dialing involves scanning phone numbers for connected modems and is far less intrusive than actively exploiting vulnerabilities on production systems.

CVulnerability testing

Vulnerability testing identifies and catalogs potential weaknesses without actively attempting to exploit them, making it less intrusive than penetration testing.

DPenetration testingCorrect

Penetration testing goes beyond identifying vulnerabilities by actively attempting to exploit them using the same methods a real attacker would use against a live production system. This makes it the most intrusive type because active exploitation can cause service disruptions, data modification, or system instability on operational infrastructure. Unlike vulnerability scanning, a penetration test demonstrates actual exploitability and real-world impact rather than theoretical risk.

Concept tested: Penetration testing intrusiveness compared to other test types

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#penetration testing#vulnerability testing#production systems#security testing

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice