IT Examiner School eBook

Internal Use Only

Penetration Test (Pen Test)

Pen Test “tests” systems to find & exploit known vulnerabilities that an attacker could exploit

Determine if there are

Pen Test report will describe any weaknesses as “high”, “medium” or “low”

Require management’s knowledge & consent

Require a high degree of skill to perform

weaknesses and if able to access system functionality and data

Are intrusive as actual “attack” tools are used

Internal Use Only

Question 2 Fill in the blanks: A “vulnerability assessment” ______ vulnerabilities, while a “penetration test” _______

vulnerabilities. A. Assess; Corrects

B. Downloads new; Deletes old C. Scans for; Exploits discovered D. Exploits known; Discovers zero-day