Certified in Risk and Information Systems Control (CRISC) — Question 950

The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

Answer options

• A. verify Internet firewall control settings.
• B. ensure policy and regulatory compliance.
• C. identify vulnerabilities in the system.
• D. assess the proliferation of new threats.

Correct answer: C

Explanation

The correct answer is C, as the primary goal of penetration testing is to identify vulnerabilities that could be exploited by attackers. While options A, B, and D are important considerations, they are not the main focus of penetration testing, which specifically aims to uncover security flaws in the system.