Certified Information Security Manager (CISM) — Question 60

The PRIMARY purpose of a penetration test is to:

Answer options

• A. test network load capability
• B. validate firewall and router configuration
• C. provide assurance of the security of the network
• D. identify vulnerabilities at a particular point in time

Correct answer: D

Explanation

The primary goal of a penetration test is to identify vulnerabilities at a specific point in time, allowing organizations to understand their security posture. While testing network load capability, validating configurations, and providing assurance of security are important, they do not represent the main focus of penetration testing, which is to find and report vulnerabilities.