CISSP Practice question #100

In a pen test, in which phase would the tester try to get onto our network?
A: Gaining access.
B: Discovery.
C: System browsing.
D: Escalate privileges.

CBK 6: Security Assessment and Testing
Source: practice tests


A: Gaining Access: Access the network.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.



  1. Answer: A: Gaining access.

    Penetration Testing is a Network Security Service, which is one of several methods used to prevent unauthorized network intrusion.

    Penetration testing is also commonly referred to as a pen test (or ethical hacking) and is a method used to perform security testing on a network system used by a business or other organisation. Pen tests involve a variety of methodologies designed to explore a network to identify potential vulnerabilities and test to ensure the vulnerabilities are real.

    When penetration testing is performed properly, the results allow network professionals to make recommendations for fixing problems within the network that were discovered during the pen test. The main purpose of the pen test is to improve network security and provide protection for the entire network and connected devices against future attacks.

    Penetration testing helps to identify vulnerabilities within a network. This means there is a distinct difference between penetration testing and performing a vulnerability assessment. The terms penetration testing and vulnerability assessment are often confused and used interchangeably, when in reality the two terms have separate meanings.

    A pen test involves methods used to perform legal exploits on a network to prove that a security issue actually exists. A vulnerability assessment refers to the process of evaluating network systems and the services they provide for potential security problems.

    Penetration tests are designed to go above and beyond a vulnerability assessment by performing a simulation of the same scenario a hacker would use to penetrate a network. During a pen test, a vulnerability assessment is performed; however, it is only one of several methodologies involved in a comprehensive penetration test.


    Penetration testing in simple terms is a simulation of a process a hacker would use to launch an attack on a business network, attached devices, network applications, or a business website. The purpose of the simulation is to identify security issues before hackers can locate them and perform an exploit.

    Pen tests identify and confirm actual security issues and report on the manner in which the security issues can be located and exploited by hackers. When performed consistently, a pen test process will inform your business where the weaknesses exist in your security model. This ensures your business can achieve a balance between maintaining the best network security possible and ensuring ongoing business functions in terms of possible security exploits. The results of a pen test can also assist your business with improved planning when it comes to business continuity and disaster recovery.

    Although pen tests simulate methods hackers would use to attack a network, the difference is the pen test is performed without malicious intent. For this reason, network professionals should have the appropriate authorization from organisational management before proceeding to conduct a pen test on the network. Additionally, if the penetration test is not planned correctly and is lacking in components, the end result could be disruption of business continuity and daily operations.
