Multiple Choice
A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester's source IP addresses to the client's IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester's source IP addresses should be whitelisted?
A) Whitelisting prevents a possible inadvertent DoS attack against the IPS and supporting log-monitoring systems.
B) Penetration testing of third-party IPS systems often requires additional documentation and authorizations; potentially delaying the time-sensitive test.
C) IPS whitelisting rules require frequent updates to stay current, constantly developing vulnerabilities and newly discovered weaknesses.
D) Testing should focus on the discovery of possible security issues across all in-scope systems, not on determining the relative effectiveness of active defenses such as an IPS.
Correct Answer:
Verified
Correct Answer:
Verified
Q59: In which of the following components is
Q60: A penetration tester has gained access to
Q61: A penetration tester executes the following commands:
Q62: A penetration tester is performing initial intelligence
Q63: A penetration tester is performing initial intelligence
Q65: A penetration tester is performing a code
Q66: A penetration tester runs the following on
Q67: Which of the following would be the
Q68: A company hires a penetration tester to
Q69: A consultant is performing a social engineering