What is a primary feature of the penetration testing process?

A primary feature of the penetration testing process is exploiting found vulnerabilities. This stage involves actively attempting to breach system defenses by leveraging identified weaknesses. The purpose of this phase is to demonstrate the potential impact of an attacker successfully exploiting these vulnerabilities. By simulating real-world attacks, penetration testing provides valuable insights into the security posture of a system, allowing organizations to understand the effectiveness of existing security controls and the potential consequences of a successful intrusion.

In contrast, although document review, system walk-through, and tools discovery are important components of a comprehensive security assessment, they do not represent the core essence of penetration testing. Document review involves analyzing existing security policies and procedures, which is primarily retrospective rather than active testing. System walk-throughs may help in understanding network topology or architecture but lack the active exploitation of vulnerabilities. Tools discovery typically focuses on identifying potential tools that could be used during testing, but this step does not involve actual exploitation. Therefore, the action of exploiting vulnerabilities stands out as the defining feature of the penetration testing process.