3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning

A penetration test is a form of vulnerability scan that is performed by a special team of trained white hat security specialists rather than by an internal security administrator using an automated tool. Penetration testing (aka ethical hacking) uses the same tools, techniques, and skills as real-world criminal hackers to test the deployed security infrastructure of an organization. Penetration testing is usually performed without the IT or security staff being aware of it, as senior management often schedules ethical hacking events. This allows the penetration test to assess the performance of the infrastructure ...

Get CompTIA Security+™: Review Guide, Second Edition now with O’Reilly online learning.
