CISA Certified Information Systems Auditor – Question 1505

An IS auditor doing penetration testing during an audit of internet connections would:

A. evaluate configurations.
B. examine security settings.
C. ensure virus-scanning software is in use.
D. use tools and techniques available to a hacker.

Correct Answer: D

Explanation:

Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using tools and techniques available to a hacker. The other choices are procedures that an IS auditor would consider undertaking during an audit of Internet connections, but are not aspects of penetration testing techniques.