CISSP Exam Preparation (Question 310)

(310) Management can expect penetration tests to provide all of the following EXCEPT

A. identification of security flaws
B. demonstration of the effects of the flaws
C. a method to correct the security flaws
D. verification of the levels of existing infiltration resistance

Correct Answer: C




Penetration testing is a set of procedures designed to test and possibly bypass security controls of a system. Its goal is to measure an organization's resistance to an attack and to uncover any weaknesses within the environment... The result of a penetration test is a report given to management describing the list of vulnerabilities that were identified and the severity of those vulnerabilities. From here, it is up to management to determine how the vulnerabilities are dealt with and what countermeasures are implemented. - Shon Harris, All-in-one CISSP Certification Guide, pg 837-839

- Muhammad Idham Azhari

