Are you studying for the Certified Information Systems Auditor or CISA certifications?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
In the course of performing a network assessment an IT auditor is worried that vulnerabilities with aspects of the companys remote access solution that might allow unauthorized access to the intranet with local resource privileges. What is the most effective type of penetration testing to assess the materiality of the vulnerabilities?
External
Blind
Internal
Targeted
A. External testing is used to test attacks. It is also used to control circumvention attempts on the target's network perimeter that come from outside the target system, e.g., the Internet. B. Internal testing refers to attacks and control circumvention attempts on the target from within the perimeter. The main objective is to identify what would happen if the external network perimeter is successfully compromised or if an authorized user from within the network compromises the security of a specific resource on the network. For the given concern, the internal testing method is the most appropriate type of penetration testing. C. Blind testing is used by a penetration tester who has no knowledge of the target information system. D. Targeted testing is used when both the target's IT team and tester are provided with information related to the target and network design.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.