Which one of the following is the PRIMARY objective of penetration testing?
A. Assessment
B. Correction
C. Detection
D. Protection
Explanation:
Its goal is to measure an organization’s resistance to an attack and to uncover any weakness within the environment… The result of a penetration test is a report given to management describing the list of vulnerabilities that were identified and the severity of those vulnerabilities.
- Shon Harris, All-in-one CISSP Certification Guide, pg 837-839
Not A: Assessment would imply management deciding whether they can live with a given vulnerability.
Ms Harris says: “Its goal is to measure…”. Detection is not as close to ‘measure’ as Assessment is.
“Assessment” is the same as “Measurement” so it can’t be “Detection”. The correct answer should be A.
Detect – discover or identify the presence or existence of.
I think the question is based in such a way that,
1. Vulnerabilities discovered (detect)
2. Assess what’s discovered.