Which of the following is the MAIN objective in contracting with an external company to perform
penetration testing?
A. To mitigate technical risks
B. To have an independent certification of network security
C. To receive an independent view of security exposures
D. To identify a complete list of vulnerabilities
Explanation:
Even though the organization may have the capability to perform penetration testing with internal
resources, third-party penetration testing should be performed to gain an independent view of the
security exposure. Mitigating technical risks is not a direct result of a penetration test. A
penetration test would not provide certification of network security nor provide a complete list of
vulnerabilities.