Q: 7
Which of the following is the MOST significant indicator of the need to perform a penetration test?
Options
Discussion
Option B. Had something like this in a mock, security incidents jump out as the main trigger.
B tbh, because actual security incidents mean vulnerabilities are already getting exploited. D is a common trap since infra changes can introduce new risks, but it isn't as strong a signal as seeing real attacks. Pretty sure the exam wants B here but open to debate if you see it differently.
Its B, matches official guide and most practice exams I've seen. Lab questions also frame it this way.
D imo. Infrastructure changes could introduce new risks, so I'd watch for that trap option here.
B tbh, if security incidents are rising, that's a direct sign something's not working and pen testing is needed. The others could trigger a review, but real events matter most. Pretty sure that's what ISACA wants here. Agree?
Don't think it's D, that's more about proactive checks. B is the big red flag in real incident terms.
B no doubt.
B, seen similar wording in exam reports so that's what I'd pick here.
B or D. D applies for proactive checks but B is the stronger sign something's already being exploited.
B or D here honestly. Seeing more incidents (B) is usually the stronger flag but after big infra changes (D) a lot of orgs schedule pen tests too. I think B edges it but open if someone has a different angle.
Be respectful. No spam.
