A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base.
Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?
A. B. C. D.
C.
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.
The answer to the question is C. Penetration testing.
Penetration testing is an active method of testing the security posture of a system. It involves simulating a real-world attack on the system to identify vulnerabilities that could be exploited by malicious actors. The goal is to identify and report on any security weaknesses that could potentially be exploited by attackers to gain unauthorized access, steal sensitive information, or disrupt system operations.
Penetration testing involves a team of skilled professionals who use a variety of techniques and tools to attempt to breach the system's defenses. These techniques may include social engineering, network scanning, vulnerability scanning, and exploitation of identified vulnerabilities.
The advantage of penetration testing over other testing methods is that it provides a more realistic assessment of the system's security posture. While vulnerability testing may identify potential vulnerabilities, it does not provide any information on whether these vulnerabilities are actually exploitable. Peer review and component testing, on the other hand, are passive methods of testing that do not involve actively attempting to breach the system's defenses.
In summary, penetration testing is the best method for actively testing the security posture of a system and producing a report that shows vulnerabilities that were actually exploited.