CISSP – Information Systems Security Management Professional (ISSMP) — Question 38

Which of the following penetration testing phases involves reconnaissance or data gathering?

Answer options

Correct answer: B

Explanation

The correct answer is B, as the Pre-attack phase focuses on gathering information about the target, which is essential for planning an effective penetration test. The Attack phase (A) involves executing the test, while the Post-attack phase (C) relates to analysis after the attack. The Out-attack phase (D) is not a recognized term in penetration testing.