Penetration Testing Flashcards
What is Penetration Testing?
Penetration testing is where an org carries out a practice attack (one that does not damage production systems) against an org, using the same set of weaponry available to real attackers.
When conducting a Penetration Test, what does a Pentester do?
A Pentester tries to access particular systems and information and then reports this information to whoever asked them to conduct the test.
Who conducts penetration tests?
Penetration tests are conducted either by people who work for the company that is doing the test or by third-party contractors.
If a penetration test is being conducted internally, what needs to be true about the individual conducting it?
An internal pentest is very time-consuming.
The individual conducting the penetration test on an internal pentest needs to be very skilled.
What does an external pentest entail?
External pentests involve an outside agency but are very expensive to do.
Even though penetration tests are costly and involved, should orgs conduct them and why?
Despite the barriers to pentests, organizations should do them regularly because they are a fantastic indicator of an org’s cybersecurity posture.