Question

When using penetration testing to verify the strength of your security policy, which of the following is NOT recommended?

A. Mimicking attacks previously perpetrated against your system
B. Performing attacks without management knowledge
C. Using manual and automated attack tools
D. Re configuring the system to resolve any discovered vulnerabilities

Answer 1

In penetration testing, carrying out attacks without management knowledge is not recommended. Penetration testing should be authorized and supervised to ensure it is carried out legally and without damaging trust within the organization.

Step-by-step explanation:

When using penetration testing to verify the strength of your security policy, performing attacks without management knowledge is NOT recommended. Penetration testing should always be conducted with the knowledge and approval of management to ensure legality and maintain organizational trust. The other options, such as mimicking attacks previously perpetrated against your system, using both manual and automated attack tools, and reconfiguring the system to resolve any discovered vulnerabilities, are indeed part of a recommended approach to identify and strengthen security weaknesses.