which shows vulnerabilities that were actually exploited?

A security program manager wants to actively test the security posture of a system. The system is not yet
in production and has no uptime requirement or active user base. Which of the following methods will
produce a report which shows vulnerabilities that were actually exploited?

A. Peer review

B. Component testing

C. Penetration testing

D. Vulnerability testing




ali imran

It is C, not D.

Dugan Nash

Agreed. “Actively test” is the giveaway.

Cosmin

D is correct, it talks about vulnerability testing not scanning, so it is active testing on known vulnerabilities.

Sambo

Penetration testing is designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. Since “The system is not yet in production”, it looks to me like the correct answer is Vulnerability testing. Tricky question, I could be wrong. 🙂 Good luck!

player1

The last part of the question says “vulnerabilities that were actually exploited”

Vulnerability testing doesn’t actually exploit the found vulnerability, whereas penetration testing would.

asiakid

I agree with player1. It is the pen test where vulns were exploited.