Certified Information Systems Security Professional (CISSP) — Question 339

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

Answer options

• A. Information may be found on hidden vendor patches.
• B. The actual origin and tools used for the test can be hidden.
• C. Information may be found on related breaches and hacking.
• D. Vulnerabilities can be tested without impact on the tested environment.

Correct answer: C

Explanation

The correct answer is C because the dark web often contains information about past breaches and hacking activities that can inform a penetration test. Options A and B are less relevant, as while vendor patches could be useful, they are not the primary focus of a penetration test. Option D is incorrect because the purpose of the dark web in this context is not to test vulnerabilities without impact.