Question

A security administrator is aware that a portion of the companys Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company internet. Which of the following should the administrator perform?

A. Patch management assessment.
B. Business impact assessment.
C. Penetration test.
D. Vulnerability assessment.

Answer 1

C. Penetration test.

Step-by-step explanation:

Based on the scenario being described within the question it can be said that the administrator should perform a penetration test. This is a fake cyber attack that is performed on you own computer system in order to check for any exploitable vulnerabilities that the system may have. This will allow the administrator to figure out to what degree those systems can be used to gain access to the company internet.