Effective CISSP Questions

After vulnerability assessment, you are moving on to exploit an E-Commerce website’s prioritized vulnerabilities in a well-planned penetration testing project. As a penetration tester, which of the following risk should you consider foremost for the customer’s sake?
A. Failure of the target
B. Lack of the get-out-of-jail-free card
C. Detailed documentation of the exploitation
D. Objectivity of the evaluation of exploitation endeavor

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Failure of the target.

Pen Testing Methodologies
Pen Testing Methodologies

The purpose of penetration testing is to identify, analyze, evaluate, and exploit vulnerabilities to get insights into them and develop solutions to mitigate risk. Failure of the target may result in business loss or disrupts the delivery of products or services. Even though detailed documentation of the exploitation and objectivity of the evaluation of exploitation endeavor is important when conducting penetration testing, business always holds priority from the customer’s perspective. The penetration team should keep this in mind all the time.

The get-out-of-jail-free card is crucial to the penetration team, but this question asks the customer’s perspective or for the customer’s sake. So, The get-out-of-jail-free card is not as important to the customer.



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

弱點評鑑之後,您將繼續在具有良好規畫的滲透測試專案中,對一個電子商務網站已排定優先順序的漏洞進行滲透。 作為滲透測試人員,若為客戶著想,您應優先考慮以下哪項風險?
A. 測試目標失效
B. 缺少免責同意書
C. 滲透過程的詳細文件記錄
D. 滲透難易度評估的客觀性

1 thought on “CISSP PRACTICE QUESTIONS – 20210309

  1. Pingback: 滲透測試方法(Pen Testing Methodologies) – Choson資安大小事

Leave a Reply