Certified Information Security Manager (CISM) — Question 170
Which of the following is the MOST important issue in a penetration test?
Answer options
- A. Performing the test without the benefit of any insider knowledge
- B. Having an independent group perform the test
- C. Having a defined goal as well as success and failure criteria
- D. Obtaining permission from audit
Correct answer: C
Explanation
A defined goal, together with success and failure criteria, is essential to guide a penetration test effectively, which makes option C the correct choice. Performing the test without insider knowledge (A) and having an independent group perform it (B) are important, but they do not outweigh the need for clear objectives. Obtaining permission from audit (D) is also vital, but it is more about compliance than the core effectiveness of the test.