An IS auditor doing penetration testing during an audit of internet connections would:
examine security settings.
ensure virus-scanning software is in use.
use tools and techniques available to a hacker.
Penetration testing is a technique used to mimic an experienced hacker attacking a live site by
using tools and techniques available to a hacker. The other choices are procedures that an IS
auditor would consider undertaking during an audit of Internet connections, but are not aspects of
penetration testing techniques.