Certified Information Systems Security Professional – CISSP – Question239

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

A.
Third-party vendor with access to the system
B. System administrator access compromised
C. Internal attacker with access to the system
D. Internal user accidentally accessing data

Correct Answer: C