A security program manager wants to actively test the security posture of a system.The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited? 

Answer options:

A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing

C

A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.