
ISC2 CISSP Exam - Topic 4 Question 74 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 74
Topic #: 4

A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?

Suggested Answer: D

Adelina
3 months ago
Surprised that external tests are prioritized!
upvoted 0 times
...
Fallon
3 months ago
Really? I thought internal tests should come first.
upvoted 0 times
...
Leanora
4 months ago
Option B is important too, gotta know the policies!
upvoted 0 times
...
Justine
4 months ago
Totally agree, D is the way to go!
upvoted 0 times
...
Jovita
4 months ago
I think option D makes the most sense. Start external, then internal.
upvoted 0 times
...
Caprice
4 months ago
I’m leaning towards option D as well. It seems logical to do the external test first, but I wonder if there are any specific guidelines we should follow when notifying the organization.
upvoted 0 times
...
Britt
4 months ago
I feel like option A is relevant because understanding regulations is crucial, but I don’t see how it directly relates to the testing process itself.
upvoted 0 times
...
Rolande
5 months ago
I remember a practice question that emphasized reviewing corporate policies before any testing. So, option B could be important too, but I’m not confident it’s the best first step.
upvoted 0 times
...
Penney
5 months ago
I think option D makes the most sense since it suggests starting with the external test, which is often a priority. But I'm not entirely sure if we need to notify everyone first.
upvoted 0 times
...
Phil
5 months ago
Okay, I've got it. A service inventory architecture is all about flexibility and adaptability, so the statement has to be true. Confident in this answer.
upvoted 0 times
...
Christiane
5 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the different states a change request can go through.
upvoted 0 times
...
Felicitas
10 months ago
I'm going to have to go with option D, but I've got to say, 'Configuring a Wireless Access Point (WAP) with the same Service Set Identifier'? That's like a bad joke, right? I mean, who even does that these days?
upvoted 0 times
Shawna
9 months ago
It does seem like an odd choice, but it's important to follow the proper procedures for security testing.
upvoted 0 times
...
Carman
9 months ago
Yeah, setting up a WAP with the same SSID sounds like a risky move.
upvoted 0 times
...
Alton
9 months ago
Yeah, I don't understand why anyone would configure a WAP with the same SSID for an external test.
upvoted 0 times
...
Melda
9 months ago
I agree, it's important to notify the organization before conducting the tests.
upvoted 0 times
...
Jarvis
9 months ago
Option D seems like the best approach for the penetration test.
upvoted 0 times
...
Huey
10 months ago
I agree, option D seems like the best course of action for the penetration test.
upvoted 0 times
...
...
Isadora
10 months ago
Wow, this question really throws a wrench in the works, doesn't it? I'd say option D is the safest bet, but I'd also want to do a thorough review of the data localization requirements. Just to be on the safe side, you know?
upvoted 0 times
...
Fernanda
10 months ago
Hold up, did you say 'Configuring a Wireless Access Point (WAP) with the same Service Set Identifier'? That's a bit of a curveball! I'm going to have to go with option D on this one.
upvoted 0 times
Merissa
10 months ago
I think so too. It's important to notify the organization before conducting any tests.
upvoted 0 times
...
Francoise
10 months ago
Yes, I agree. Option D seems like the best course of action in this situation.
upvoted 0 times
...
...
Marnie
10 months ago
I'm not sure, this question seems a bit tricky. I'd want to review the corporate policies and procedures first, just to make sure we're not missing anything important.
upvoted 0 times
...
Leonardo
10 months ago
But shouldn't we also consider data localization requirements and regulations to ensure compliance?
upvoted 0 times
...
Alison
11 months ago
Hmm, I think option D is the way to go. Doing an external test first, then an internal one, seems like the most comprehensive approach.
upvoted 0 times
Loren
9 months ago
True, it's important to have a solid understanding of the existing security measures before conducting the tests.
upvoted 0 times
...
Janey
9 months ago
That's a good point, reviewing security policies can help set the foundation for the penetration tests.
upvoted 0 times
...
Charlene
9 months ago
But wouldn't it be better to review corporate security policies and procedures first to ensure everything is in place?
upvoted 0 times
...
Alpha
10 months ago
I agree, starting with an external test can help identify vulnerabilities from an outside perspective.
upvoted 0 times
...
...
Cherry
11 months ago
I agree with Daniela, it's important to have a solid foundation before conducting any tests.
upvoted 0 times
...
Daniela
11 months ago
I think we should review corporate security policies and procedures first.
upvoted 0 times
...
