Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IIA-CIA-Part3 Exam - Topic 2 Question 90 Discussion

Actual exam question for IIA's IIA-CIA-Part3 exam
Question #: 90
Topic #: 2
[All IIA-CIA-Part3 Questions]

According to IIA guidance, which of the following statements is true regarding penetration testing?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Alana at Sep 16, 2024, 07:53 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part3 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Iraida
4 months ago
D makes sense, management needs to know how to respond.
upvoted 0 times
...
Elfrieda
4 months ago
Wait, are we really not telling anyone? That seems risky.
upvoted 0 times
...
Chu
4 months ago
C sounds right, gotta cover all bases!
upvoted 0 times
...
Magda
5 months ago
I disagree, testing during busy times can cause chaos.
upvoted 0 times
...
Clarinda
5 months ago
A is definitely true, keeps it realistic!
upvoted 0 times
...
Jesus
5 months ago
I’m a bit confused about the scope of testing. I thought it should cover both preventive and detective controls, but I can't recall the exact guidance.
upvoted 0 times
...
Portia
5 months ago
I feel like we practiced a question similar to this, and I think the focus should be on preventive controls, which makes me lean towards D.
upvoted 0 times
...
Carlene
5 months ago
I think option B sounds familiar, but I’m not sure if heavy operational times are the best for testing.
upvoted 0 times
...
Carline
6 months ago
I remember discussing how penetration testing should ideally be unannounced to get a genuine response from the organization.
upvoted 0 times
...
Ezekiel
6 months ago
I'm a little confused by the wording of these options. I know penetration testing is important, but I'm not sure which one is the correct IIA-recommended approach. I'll have to re-read the question and options more closely.
upvoted 0 times
...
Skye
6 months ago
Okay, I think I've got it. The guidance says testing should address the preventive controls and management's response, so I'll go with option D.
upvoted 0 times
...
Chuck
6 months ago
Hmm, I'm a bit unsure about this. I know the IIA guidance is important, but I can't remember the specifics on penetration testing. I'll have to think this through carefully.
upvoted 0 times
...
Christa
6 months ago
I'm pretty confident on this one. The IIA guidance says testing should be announced to the organization, not kept secret, so I'll rule out option A.
upvoted 0 times
...
Lelia
6 months ago
I'm not too familiar with the different wireless authentication protocols, but based on the details provided, I think option A, IEEE 802.1X using EAP-TLS, is the way to go. It seems to best match the requirements.
upvoted 0 times
...
Thersa
1 year ago
I'm feeling a bit like a hacker myself, so I'm going to have to go with A. Surprise, surprise!
upvoted 0 times
...
Beckie
1 year ago
D is the right choice, no doubt. Gotta make sure the management team is ready to handle any potential security breaches.
upvoted 0 times
Abraham
1 year ago
D) Testing should address the preventive controls and management's response.
upvoted 0 times
...
Lon
1 year ago
B) Testing should take place during heavy operational time periods to test system resilience.
upvoted 0 times
...
Brandon
1 year ago
A) Testing should not be announced to anyone within the organization to solicit a real-life response.
upvoted 0 times
...
...
Bobbye
1 year ago
I'm feeling a bit mischievous, so I'm gonna go with A. Surprise attack, baby! Let's see how the organization handles a real-life situation.
upvoted 0 times
Alaine
1 year ago
User 3: I agree, but it's important to ensure that the organization is prepared for unexpected tests like that.
upvoted 0 times
...
Aleisha
1 year ago
User 2: That's a bold move! It could definitely provide valuable insights on the organization's readiness.
upvoted 0 times
...
Marla
1 year ago
A) Testing should not be announced to anyone within the organization to solicit a real-life response.
upvoted 0 times
...
...
Lawrence
1 year ago
D is the way to go. Preventive controls are where it's at. Might as well just unplug the whole system if you're not testing those.
upvoted 0 times
Dustin
1 year ago
D) Testing should address the preventive controls and management's response.
upvoted 0 times
...
Tamie
1 year ago
B) Testing should take place during heavy operational time periods to test system resilience.
upvoted 0 times
...
Estrella
1 year ago
A) Testing should not be announced to anyone within the organization to solicit a real-life response.
upvoted 0 times
...
...
Zita
2 years ago
I'm going with B. Gotta test the system when it's really under pressure, you know? See how it holds up in the trenches.
upvoted 0 times
Julie
1 year ago
Agreed, testing resilience is crucial for security measures.
upvoted 0 times
...
Sabra
1 year ago
Yeah, it's important to see how the system performs under pressure.
upvoted 0 times
...
Kiley
1 year ago
I think B is the best option too. Testing during heavy operational time periods makes sense.
upvoted 0 times
...
...
Katie
2 years ago
I agree with Hortencia, D makes sense because testing should address preventive controls.
upvoted 0 times
...
Camellia
2 years ago
I disagree, I believe the answer is A.
upvoted 0 times
...
Nichelle
2 years ago
Option D looks like the correct answer to me. Testing should focus on the preventive controls and how management responds to potential attacks.
upvoted 0 times
Odette
2 years ago
Yes, focusing on preventive controls and management's response is key in ensuring the security of the organization.
upvoted 0 times
...
Ashleigh
2 years ago
I agree, option D is the correct answer. Preventive controls are crucial in penetration testing.
upvoted 0 times
...
...
Hortencia
2 years ago
I think the answer is D.
upvoted 0 times
...

Save Cancel