CISSP Practice Domain 6 — Security Assessment and Testing Q8 of 120

What is the primary distinguishing characteristic of a penetration test versus a vulnerability assessment?

A CISSP practice question covering Domain 6: Security Assessment and Testing. Try answering before reading the explanation below.

A. Penetration tests use automated tools; vulnerability assessments do not
B. Penetration tests attempt to actively exploit vulnerabilities; vulnerability assessments only identify them (✓ Correct answer)
C. Vulnerability assessments require written authorization; penetration tests do not
D. Penetration tests are always black-box; vulnerability assessments are always white-box

Why "Penetration tests attempt to actively exploit vulnerabilities; vulnerability assessments only identify them" is the right answer

Vulnerability assessment = identify and report. Penetration test = attempt active exploitation to demonstrate impact. Both can use automation; both require written authorization (the rules of engagement). Box color (black/white/gray) is independent of the engagement type.
