Describe penetration testing.

What will be an ideal response?

Penetration testing generally involves four standard activities. The first of these is exploration, which is where the target is identified and characterized. The second step is examination, which is where different probes are used to gather data that will support the attack. These are typically tool-based. A map of the avenues of attack is then drawn from those probes. Once the target is fully understood, the tester will attempt the exploit that was planned. The final phase in the process is the documentation of findings, typically in the form of a report to the management of the organization sponsoring the penetration test. The results of this report can help an organization evaluate the effectiveness of its defenses as well as its ability to respond to incidents. That understanding can lead to better means of responding to incidents involving applications, networks, and behavioral or physical exploits.