Which of the following is an example of penetration testing?
A. Implementing NIDS on a network
B. Implementing HIDS on a computer
C. Simulating an actual attack on a network
D. Configuring firewall to block unauthorized traffic
Explanation:
Penetration testing is a method of evaluating the security of a computer system or
network by simulating an attack from a malicious source, known as a Black Hat Hacker, or
Cracker. The process involves an active analysis of the system for any potential vulnerabilities that
may result from poor or improper system configuration, known and/or unknown hardware or
software flaws, or operational weaknesses in process or technical countermeasures. This analysis
is carried out from the position of a potential attacker, and can involve active exploitation of
security vulnerabilities. Any security issues that are found will be presented to the system owner
together with an assessment of their impact and often with a proposal for mitigation or a technical
solution. The intent of penetration testing is to determine the feasibility of an attack and the amount
of business impact of a successful exploit, if discovered. It is a component of a full security audit.
unauthorized traffic are not examples of penetration testing.