The reason C (and also A and B) is wrong is because they talk about "network." Penetration testing is more than just networks, so I think the only right choice here is D, because it does not limit the scope.
As a pentester myself, I'd go with D. However, this can be a trick question, as I'm not just identifying vulnerabilities at a particular point in time (that's what vulnerability scans do), I'm exploiting them with a goal of testing (assuring) the security of the network.
D. identify vulnerabilities at a particular point in time
The primary purpose of a penetration test, also known as a pen test or ethical hacking, is to identify vulnerabilities in a computer system, network, or application at a specific point in time. Penetration testing involves simulating real-world attacks to discover weaknesses in security defenses. It helps organizations understand their current security posture and assess the effectiveness of their security measures.
C. Penetration test provides the greatest level of assurance regarding the effectiveness of implemented security controls as they simulate a real-world attack situation. Pen testing typically includes a vulnerability assessment, BUT it goes beyond IDENTIFICATION of vulnerabilities.
The whole point of a penetration test is to tell you how well your security stands up against a threat. If I wanted to find out about vulnerabilities, I’d get a vulnerability assessment… clearly it’s C.
The primary purpose of a penetration test is indeed to provide assurance of the security of the network. The main objective is to assess the effectiveness of existing security controls, identify vulnerabilities, and determine the potential impact of a real-world attack. By conducting penetration testing, organizations can gain insights into their security posture, validate the effectiveness of their security measures, and make informed decisions for improving their overall security.
While identifying vulnerabilities at a particular point in time is a key aspect of penetration testing, the ultimate goal is to provide assurance and enhance the security of the network.
CarlLimps (Highly Voted, 1 year, 9 months ago)
aokisan (Highly Voted, 1 year, 11 months ago)
Marcelus1714 (Most Recent, 8 months ago)
a43 (8 months, 1 week ago)
AlexJacobson (10 months, 1 week ago)
oluchecpoint (1 year, 2 months ago)
Goseu (1 year, 4 months ago)
jennarink13 (1 year, 4 months ago)
richck102 (1 year, 5 months ago)
45 (1 year, 5 months ago)
wello (1 year, 5 months ago)
Ziggybooboo (2 years ago)