Appendix A: Answers to Review Questions

Chapter 1: Penetration Testing

  1. D.   Tom's attack achieved the goal of denial by shutting down the web server and preventing legitimate users from accessing it.
  2. B.   By allowing students to change their own grades, this vulnerability provides a pathway to unauthorized alteration of information. Brian should recommend that the school deploy integrity controls that prevent unauthorized modifications.
  3. A.   Snowden released sensitive information to individuals and groups who were not authorized to access that information. That is an example of a disclosure attack.
  4. C.   PCI DSS requires that organizations conduct both internal and external penetration tests on at least an annual basis. Organizations must ...
