30.3k views
1 vote
Which of the following is NOT a characteristic of a penetration test?

a. Automated
b. Finds deep vulnerabilities
c. Performed occasionally
d. May use internal employees or external consultants

User Tim Ogilvy
by
7.8k points

1 Answer

2 votes

Final answer:

In the context of penetration testing, the characteristic that is NOT applicable is that the tests are automated; while automated tools are used, human expertise plays a crucial role. The correct option is c. Performed occasionally.

Step-by-step explanation:

The subject of the question is penetration testing, which is an assessment to evaluate the security of an information system by simulating an attack from malicious outsiders. Among the given options, the one that is NOT a characteristic of a penetration test is that it is automated. While there are automated tools used in penetration testing, the process itself often involves a combination of automated and manual techniques handled by skilled testers, whether they are internal employees or external consultants. These tests are not solely automated because they seek to find deep vulnerabilities that may require human ingenuity to discover and exploit. Furthermore, penetration tests are performed occasionally, not constantly, to identify security weaknesses that need to be addressed.

A penetration test, also known as a pen test, is an authorized simulated cyber attack on a computer system to evaluate its security. Penetration tests can be automated or manual, and they aim to find vulnerabilities in a system by replicating real-world attack scenarios. These are typically performed periodically to ensure that any new vulnerabilities are identified and addressed. They can be conducted by internal employees who specialize in cybersecurity or by external consultants who are experts in the field. Therefore, option c, performed occasionally, is not a characteristic of a penetration test.

User Andre Mendes
by
7.9k points