Penetration testing (pen testing) is a simulated cyberattack used to assess security weaknesses in an ICT system.
B. Identifying failures in ICT protection schemes – Correct answer. The goal of penetration testing is to find vulnerabilities in networks, applications, and systems before attackers can exploit them. This aligns with ISO/IEC 27001:2022 Annex A Control A.8.16 (Monitoring Activities) and A.8.8 (Management of Technical Vulnerabilities).
A. Code reviews are not the primary goal of pen testing; static analysis tools are used for code security.
C. Physical inspections relate to hardware security audits, which are separate from penetration testing.