A company conducted a penetration test 6 months ago. However, they have acquired new firewalls and servers to strengthen the network and increase capacity. Why would an administrator request a new penetration test?

A company conducted a penetration test 6 months ago. However, they have acquired new firewalls and servers to strengthen the network and increase capacity. Why would an administrator request a new penetration test?

• The attack surface has changed with the new equipment added.
• The servers require independent performance evaluation.
• The core data has been moved to the cloud infrastructure.
• New cloud-based applications have been implemented.

Explanation: Implementing a firewall, an IPS, anti-malware, a VPN, a web application firewall (WAF), and other modern security defenses is not enough. The validity of these defensive techniques needs to be tested regularly. As networks and systems change, the attack surface can vary as well, and when it does, the reevaluation of the security posture must be conducted by way of a penetration test.

Exam with this question: Ethical Hacker: Course Final Exam Answers