Which action is explicitly not recommended during testing due to risk of exposing the system to malicious traffic?


Multiple Choice


Explanation:
Keep protective controls enabled during testing. Shutting down antivirus removes a critical line of defense that detects and blocks malicious traffic and payloads. Without it, the system is much more susceptible to real malware executing, spreading, or exfiltrating data, and the test environment may no longer reflect how a system behaves in production. This undermines containment and can lead to unintended harm or policy violations.

In practice, if you need to assess defenses, use safe, controlled methods like running tests in an isolated sandbox and relying on safe indicators (for example, the EICAR test string) to verify detections. The other actions listed (creating or encoding payloads, or compiling custom malware) are techniques that can be used in controlled scenarios to study evasion or detection, but they carry risk and must be strictly contained and authorized; they do not directly mirror the risk introduced by disabling AV.

