The BEST time to perform a penetration test is after:
A.
an attempted penetration has occurred.
B.
an audit has reported weaknesses in security controls.
C.
various infrastructure changes are made.
D.
a high turnover in systems staff.
Explanation:
Changes in the systems infrastructure are most likely to inadvertently introduce new exposures.
Conducting a test after an attempted penetration is not as productive since an organization should
not wait until it is attacked to test its defenses. Any exposure identified by an audit should be
corrected before it would be appropriate to test. A turnover in administrative staff does not warrant
a penetration test, although it may- warrant a review of password change practices and
configuration management.