A company conducted a penetration test 6 months ago. However, they have acquired new firewalls and servers to strengthen the network and increase capacity. Why would an administrator request a new penetration test?
- The core data has been moved to the cloud infrastructure.
- The servers require independent performance evaluation.
- New cloud-based applications have been implemented.
- The attack surface has changed with the new equipment added.
| Explanation & Hints:
Implementing a firewall, an IPS, anti-malware, a VPN, a web application firewall (WAF), and other modern security defenses is not enough. The validity of these defensive techniques needs to be tested regularly. As networks and systems change, the attack surface can vary as well, and when it does, the reevaluation of the security posture must be conducted by way of a penetration test. |