DumpsBox
Home/isc2/Free ISC2 CISSP Actual Exam Questions/Question 7
← Back to Exam

Free ISC2 CISSP Actual Exam Questions - Question 7 Discussion

Question No. 7
When planning a penetration test, the tester will be MOST interested in which information?
Select one option, then reveal solution.
US
MF
Mohammad F.
2026-02-22

I get why B is popular, but I’d go with D here. Knowing which exploits can attack weaknesses seems key for planning the actual attack strategy. If you don’t know what’s effective against the system, just knowing access points won’t help much. You need to match your tools to the target’s vulnerabilities first. So, D makes more sense to me in terms of prioritizing what info guides your test plan the most.

0
MF
Mohammad F.
2026-02-22

Makes sense to focus on B here. Knowing the main network access points is critical because it tells you where you can actually get in. Without that info, even having exploits or backdoor plans isn’t useful since you don’t know where to apply them. A and D come after you’ve figured out your entry points, and C is more about physical or social engineering, which isn’t the main focus in standard pen testing planning. So B seems like the logical first step to me.

0
MF
Mohammad F.
2026-02-19

C imo, job applications and tours might reveal insider info or physical access opportunities that aren’t obvious from just network maps or exploits. Sometimes the easiest way in isn’t through the tech but through human factors or overlooked physical entry points. It’s not the usual answer, but could be critical depending on the scope.

0
MW
Mohammad W.
2026-02-11

I’m thinking B here too. You gotta know the main access points before anything else because that’s basically your entry map. Without that, having exploits ready (D) doesn’t help if you don’t know where to use them. Planning comes before attacking, so understanding the network layout is key.

0
HJ
Hassan J.
2026-01-27

It’s D for me. Even if you know the network access points, without understanding the specific exploits that target vulnerabilities, you can’t really plan an effective penetration test. Finding weak spots is important, but knowing how to actually exploit them is key to simulating a real attack. Options A and C feel less relevant since they’re more about potential entry methods rather than the core focus of planning the test itself. So, the tester’s main interest should be what weaknesses exist and how to exploit them—that’s what makes D stand out.

0
AE
Andre E.
2026-01-26

It’s B for me since understanding where the main network access points are lets you map the attack surface first. Without that, exploits or backdoors won’t matter much because you won’t know where to start.

0
AE
Andre E.
2026-01-25

A/C? The tester might want to know where back doors could be or where physical access might happen via job handouts and tours. Those details can give unexpected entry points beyond just network access.

0
RN
Rayan N.
2026-01-18

Option D makes the most sense too. Knowing which exploits can attack weaknesses helps the tester know what to focus on during the test. Without that, even if you find access points, you might not know how to actually get in or what to look out for. It’s about targeting the right vulnerabilities, not just finding entry spots.

0
SB
Sohail B.
2026-01-15

Probably B, the main network access points seem key for a pen test.

0