Certified Information Systems Auditor (CISA) — Question 52

Which of the following security assessment techniques attempts to exploit a system's open ports?

Answer options

• A. Vulnerability scanning
• B. Penetration testing
• C. Network scanning
• D. Password cracking

Correct answer: B

Explanation

Penetration testing is the correct answer because it actively seeks to exploit vulnerabilities, including those related to open ports, to assess system security. In contrast, vulnerability scanning identifies weaknesses without attempting to exploit them, network scanning focuses on discovering devices and their services, and password cracking aims to obtain user passwords rather than testing port vulnerabilities.