CISSP - Security Assessment and Testing Mock

In a penetration test, in which phase would the tester try to get onto our network?

Options are :

  • Discovery.
  • Escalate privileges.
  • Gaining access. (Correct)
  • System browsing.

Answer : Gaining access.

Explanation Gaining Access: Access the network.

A team of penetration testers, with full physical access to our facility, have found PHI hard copies lying around. Which of our policies are our employees NOT following?

Options are :

  • Clean desk policy. (Correct)
  • Wireless policy.
  • Least privilege.
  • Shred policy.

Answer : Clean desk policy.

Explanation Clean desk policy requires employees to not have sensitive (or any at all) paperwork on their desks unless they are at the desk. If they are done with the paperwork they should dispose of it; if not, they should lock it away.

When a penetration tester is trying to gain sensitive information from an employee with social engineering, which type of access control is she testing?

Options are :

  • Detective.
  • Technical.
  • Physical.
  • Administrative. (Correct)

Answer : Administrative.

Explanation Social engineering is an attack on administrative controls; it can be mitigated with training and awareness. Administrative (Directive) Controls: Organizational Policies and Procedures. Regulation. Training and Awareness.

You mentioned a vishing attack to a colleague and the director from HR heard it. He stops you and asks you what that is. Which of these could be an answer?

Options are :

  • Calling our dispatch and trying to get information through social engineering. (Correct)
  • Driving around trying to gain access to unsecured or weak security wireless access points.
  • Using a modem to call different numbers; looking for an answer with a modem carrier tone.
  • Sending a lot of emails to random people, hoping a few of them click the links in the email.

Answer : Calling our dispatch and trying to get information through social engineering.

Explanation Vishing is phishing over the phone. It is a common and effective form of social engineering.

In which type of black-box testing would we submit random malformed data as inputs into the software?

Options are :

  • Synthetic transaction testing.
  • Dynamic testing.
  • Static testing.
  • Fuzz testing. (Correct)

Answer : Fuzz testing.

Explanation Fuzzing (Fuzz testing): Testing that provides a lot of different malformed inputs to try to cause unauthorized access or to make the application enter an unpredictable state or crash. If the program crashes or hangs, the fuzz test failed. The fuzz tester can enter values into the script or use pre-compiled random or specific values.

We have hired a penetration tester, and she has been given partial knowledge of our organization and infrastructure. Which access level would that emulate?

Options are :

  • An administrator.
  • A senior executive.
  • A normal employee. (Correct)
  • A manager.

Answer : A normal employee.

Explanation Gray (Grey) box (Partial Knowledge) Pentesting: The attacker has limited knowledge; is a normal user, vendor, or someone with limited environment knowledge.

We have hired a penetration testing company to find security flaws in our organization. They are at the enumeration phase, what are they doing?

Options are :

  • Scanning. (Correct)
  • Exploitation.
  • Vulnerability assessment.
  • Reconnaissance.

Answer : Scanning.

Explanation Pen testing would normally have these phases; enumeration is the same as scanning. Planning > Reconnaissance > Scanning (enumeration) > Vulnerability assessment > Exploitation > Reporting.

We are at our annual corporate IT security training event and we are talking about social engineering. Which of these are types of social engineering? (Select all that apply).

Options are :

  • Phreaking.
  • Vishing. (Correct)
  • Consensus. (Correct)
  • Whale phishing. (Correct)
  • Urgency. (Correct)
  • War dialing.

Answer : Vishing. Consensus. Whale phishing. Urgency.

Explanation Social engineering uses people skills to bypass security controls. Attacks are often more successful if they use one or more of these approaches: Authority (someone you trust or are afraid of) - Look and sound like an authority figure, be in charge; this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks. Intimidation (if you don't, a bad thing happens) - Virus on the network, credit card compromised, lawsuit against your company; intimidation is most effective with impersonation and vishing attacks. Consensus (following the crowd, everyone else was doing it) - Fake reviews on a website; using consensus/social proof is most effective with Trojans and hoaxes. Scarcity (if you don't act now, it is too late) - New iPhone out, only 200 available; often effective with phishing and Trojan attacks. Urgency (it has to happen now or else) - The company will be sued for $1,000,000 if these papers are not filled out before Friday; often used with phishing. Familiarity (have a common ground, or build it) - Knowing something about the victim ahead of time and then referencing it can raise the chances of a successful attack drastically. People want to be helpful; if they feel like they know you, they want to even more. Often successful with vishing and in-person social engineering.

When an attacker is using intimidation and threats, it is a type of?

Options are :

  • Penetration testing.
  • Alteration testing.
  • Social engineering. (Correct)
  • Referential testing.

Answer : Social engineering.

Explanation Social engineering uses people skills to bypass security controls. It can be used in combination with many other attacks, especially client-side attacks or physical tests. Attacks are often more successful if they use one or more of these approaches: authority, intimidation, consensus, scarcity, urgency or familiarity.

We have a company doing a penetration test for us. In which phase would the tester try to gain higher level access, and ultimately, if they can, admin access?

Options are :

  • Escalate privileges. (Correct)
  • System browsing.
  • Gaining access.
  • Discovery.

Answer : Escalate privileges.

Explanation Escalate Privileges: Get higher level access, ultimately we want admin access.

What would be the PRIMARY reason we use a specific server for storing our centralized logs, and only give our administrators limited access?

Options are :

  • To have logs available for analysis.
  • To ensure the logs' integrity. (Correct)
  • For redundancy.
  • For the SIEM to be able to access them.

Answer : To ensure the logs' integrity.

Explanation We want to ensure our central log repository is not tampered with by staff or attackers. While it can also provide redundancy, that is not the main reason. The SIEM can access logs wherever they may be.

What would be one of the EASIEST ways to confirm if our access control mechanisms are working?

Options are :

  • Get alerts for each login and manually check them all.
  • Stand at the doors and look at who enters a building or a certain room.
  • Reviewing CCTV files.
  • Reviewing security audit logs. (Correct)

Answer : Reviewing security audit logs.

Explanation Audit log review is the easiest way to confirm our access control mechanisms are working.

In which operating systems can an attacker elevate their privileges to gain root or administrator privileges?

Options are :

  • MacOS.
  • Linux.
  • Windows.
  • All of these. (Correct)

Answer : All of these.

Explanation It is possible for attackers to elevate their privileges in any of the listed OSs.

We have hired an IT security firm to do penetration testing on our organization. Which of these could be something they would use?

Options are :

  • Threats.
  • Crowbars.
  • Kali Linux. (Correct)
  • Rootkits.

Answer : Kali Linux.

Explanation Kali Linux is a version of Linux designed for hackers; it is a toolkit with many different attack vectors.

On a vulnerability scan, some of the vulnerabilities came up as LOW. What could be the reason for them showing as LOW?

Options are :

  • The vulnerability is there, it is exploitable and if it is exploitable impact is grave.
  • It is just informational, we never act on LOW.
  • The vulnerability is there, but it is not exploitable or if it is exploitable impact is negligible. (Correct)
  • There is no vulnerability.

Answer : The vulnerability is there, but it is not exploitable or if it is exploitable impact is negligible.

Explanation While we may not act on LOW vulnerabilities, we do always look at them to see if it is true they are low.

As part of our annual security audit we hired a pen testing company. What could be some of the tools they would use?

Options are :

  • Force against employees.
  • Social engineering. (Correct)
  • Access control lists.
  • Cutting power cables.

Answer : Social engineering.

Explanation Social engineering is often the easiest way for pen testers to get the initial foothold on our network.

After we have applied a patch to our software, which type of test should we use?

Options are :

  • Regression testing. (Correct)
  • Referential testing.
  • Misuse testing.
  • Integration testing.

Answer : Regression testing.

Explanation Regression testing: Finding defects after a major code change has occurred. Looks for software regressions, such as degraded or lost features, including old bugs that have come back.

As part of our software testing, we are performing regression testing. What does that mean?

Options are :

  • Interfaces between components in the software.
  • Lost or missing features after major code changes. (Correct)
  • Processes and security alerts when encountering errors.
  • That the software installs correctly on the customer's hardware.

Answer : Lost or missing features after major code changes.

Explanation Regression testing: Finding defects after a major code change has occurred. Looks for software regressions, such as degraded or lost features, including old bugs that have come back.

When a penetration tester is doing a black box test, how much knowledge do they have about their target?

Options are :

  • Full knowledge and privileged access to systems.
  • No knowledge other than what is publicly available. (Correct)
  • Partial knowledge, user or vendor access level.
  • All of these.

Answer : No knowledge other than what is publicly available.

Explanation Black box Pen testing (Zero Knowledge): The attacker has no knowledge about the organization other than publicly available information. They start from the point an external attacker would.

When we talk about the different types of hackers, which of them would be skilled and malicious?

Options are :

  • White hat.
  • Gray hat.
  • Black hat. (Correct)
  • Script kiddie.

Answer : Black hat.

Explanation Black Hat hackers: Malicious hackers, trying to find flaws to exploit them (Crackers - they crack the code).

Which type of hacker is skilled and non-malicious?

Options are :

  • White hat. (Correct)
  • Gray hat.
  • Black hat.
  • Script kiddie.

Answer : White hat.

Explanation White Hat hackers: Professional Pen Testers trying to find flaws so we can fix them (Ethical Hackers).

When we do our dynamic software testing, how are we testing?

Options are :

  • Submit random malformed input to crash the software or elevate privileges.
  • Build scripts and tools that would simulate normal user activity.
  • Passively test the code, but not run it.
  • Test the code while executing it. (Correct)

Answer : Test the code while executing it.

Explanation Dynamic testing – Actively testing the code while executing it. Can uncover flaws that exist in the particular implementation and interaction of code that static analysis missed. Software can run and code can execute with flaws.

We want to hire outside penetration testers. Who in our organization would set the goals for the penetration test?

Options are :

  • IT leadership.
  • IT security leadership.
  • Senior management. (Correct)
  • IT security team.

Answer : Senior management.

Explanation Penetration Testing (Pen Testing), often called Ethical Hacking: Tests if the vulnerabilities are exploitable. An authorized simulated attack on our organization that looks for security weaknesses, potentially gaining access to the systems, buildings and data. Senior management sets the goals for the Pen testing. Why are we doing it? What are we trying to achieve? They have to sign off on it.

What does SOC 2 Type 2 report on?

Options are :

  • How resilient our systems are and how often we can expect exploits with our current settings.
  • The sustainability of the design AND operating effectiveness of controls. (Correct)
  • The future state of our controls and countermeasures.
  • The sustainability of the design of controls.

Answer : The sustainability of the design AND operating effectiveness of controls.

Explanation SOC 2 Type 2 reports on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls.

When we implement centralized logging, we want it to be:

Options are :

  • Automated, secure, and accessible by administrators.
  • Automated, secure and administrators should have limited access. (Correct)
  • Automated, secure and accessible by everyone.
  • Automated, unsecure, and accessible by administrators.

Answer : Automated, secure and administrators should have limited access.

Explanation Centralized Logging: Should be automated, secure and even administrators should have limited access.

What is another term we could use for penetration testing?

Options are :

  • Black hat hacking.
  • Gray hat hacking.
  • Fracking.
  • Ethical hacking. (Correct)

Answer : Ethical hacking.

Explanation Penetration Testing (Pen Testing), also called ethical hacking or white hat hacking: Tests if the vulnerabilities are exploitable.

Which of these could be something we would use to provide audit log integrity during an attack?

Options are :

  • Localized logging with push to a centralized server every 24 hours.
  • Real time updates using a simplex connection to a centralized log server in a separate VLAN. (Correct)
  • Centralized logging pushed every hour.
  • Local logging accessible with administrator privileges.

Answer : Real time updates using a simplex connection to a centralized log server in a separate VLAN.

Explanation Sending logs in real time preserves their integrity and validity. If we add a simplex connection (one way only), the attacker most likely won't have a way of deleting them. If the logs are local or pushed, the attacker can delete them before they are pushed.

What do we need to ensure is synchronized for our audit logs to be admissible in court?

Options are :

  • DNS.
  • DRP.
  • NTP. (Correct)
  • DHCP.

Answer : NTP.

Explanation The clocks of all systems in an organization should be connected to multiple synchronized NTP servers, to ensure all clocks are synchronized. If logs have another timestamp than the real time, they are not usable in a trial.

There are a lot of challenges with audit record management. Which of these is NOT one of them?

Options are :

  • Audit records are only reviewed for the bad stuff.
  • Log entries and alerts are not prioritized.
  • We are storing logs and alerts for too long. (Correct)
  • Logs are not reviewed on a regular and timely basis.

Answer : We are storing logs and alerts for too long.

Explanation Audit record management typically faces five distinct problems: Logs are not reviewed on a regular and timely basis. Audit logs and audit trails are not stored for a long enough time period. Logs are not standardized or viewable by correlation toolsets - they are only viewable from the system being audited. Log entries and alerts are not prioritized. Audit records are only reviewed for the bad stuff.

In our fuzz testing, we analyze data and change the fuzz input iteratively. What is this called?

Options are :

  • Migration fuzzing.
  • Mitigation fuzzing.
  • Mutilation fuzzing.
  • Mutation fuzzing. (Correct)

Answer : Mutation fuzzing.

Explanation Fuzzing (Fuzz testing): Testing that provides a lot of different inputs to try to cause unauthorized access or to make the application enter an unpredictable state or crash. If the program crashes or hangs, the fuzz test failed. The fuzz tester can enter values into the script or use pre-compiled random or specific values. Mutating fuzzing – The tester analyzes real info and modifies it iteratively.

When a penetration tester is trying to gain access to sensitive information from one of our servers, she is testing which type of access control?

Options are :

  • Technical. (Correct)
  • Detective.
  • Physical.
  • Administrative.

Answer : Technical.

Explanation Technical Controls: Hardware/Software/Firmware – Firewalls, Routers, Encryption. Trying to access and gain information from a server would compromise our technical or logical security.

Before we engage the penetration testers we want to hire, we need to build a statement of work (SOW). Who needs to be involved in building it?

Options are :

  • All of these. (Correct)
  • IT security.
  • Our legal department.
  • Senior management.

Answer : All of these.

Explanation To have a proper clear SOW, we need senior management's approval and outlines, legal approval and IT security's input.

We have a contract with some penetration testers. In which phase would the tester look for vulnerabilities and design the attack?

Options are :

  • Escalate privileges.
  • System browsing.
  • Gaining access.
  • Discovery. (Correct)

Answer : Discovery.

Explanation Discovery (planning): Finding the vulnerabilities, designing the attacks.

In which form of software testing do we test the connections between the different systems and components?

Options are :

  • Interface testing. (Correct)
  • User acceptance testing.
  • Fuzz testing.
  • Static testing.

Answer : Interface testing.

Explanation Interface Testing – testing of all interfaces exposed by the application.

Which of these would we NOT look at in a security assessment?

Options are :

  • KPI. (Correct)
  • Penetration testing.
  • Change management.
  • Security audits.

Answer : KPI.

Explanation Security Assessments: A full picture approach to assessing how effective our access controls are; they have a very broad scope. We would not look at KPIs. Security assessments often span multiple areas, and can use some or all of these components: Policies, procedures, and other administrative controls. Assessing the real-world effectiveness of administrative controls. Change management. Architectural review. Penetration tests. Vulnerability assessments. Security audits.

Which type of hacker is NOT very skilled but can be dangerous because of their lack of knowledge and understanding of what they are doing?

Options are :

  • White hat.
  • Script kiddie. (Correct)
  • Gray hat.
  • Black hat.

Answer : Script kiddie.

Explanation Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.

The team of pen testers we have hired is trying to gain access to our facility by trying to find an open door or window. What type of access control are they testing?

Options are :

  • Preventative.
  • Physical. (Correct)
  • Detective.
  • Administrative.

Answer : Physical.

Explanation Physical Controls: Locks, fences, guards, dogs, gates, bollards, doors, windows, etc.

In our software testing we are doing "unit testing". What are we testing?

Options are :

  • The functionality of a specific section of code. (Correct)
  • Processes and security alerts when encountering errors.
  • Data handling passed between different units or subsystems.
  • Interfaces between components against the software design.

Answer : The functionality of a specific section of code.

Explanation Unit testing: Tests that verify the functionality of a specific section of code. In an object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors. Usually written by developers as they work on code (white-box), to ensure that the specific function is working as expected.

A pentester is calling one of our employees. The pentester explains the company will be hit with a lawsuit if they don't do what they are told. Which type of social engineering is the pentester using?

Options are :

  • Authority.
  • Familiarity.
  • Intimidation. (Correct)
  • Scarcity.

Answer : Intimidation.

Explanation Social engineering uses people skills to bypass security controls. Intimidation (if you don't, a bad thing happens) - Virus on the network, credit card compromised, lawsuit against your company; intimidation is most effective with impersonation and vishing attacks.

Depending on the type of software and where we are in the software development lifecycle we would do different types of tests. Which of these are COMMON types of tests we would do at the end of the development lifecycle? (Select all that apply).

Options are :

  • Test Coverage Analysis testing.
  • Integration testing. (Correct)
  • Installation testing. (Correct)
  • Component interface testing. (Correct)
  • Referential audit testing.
  • Operational acceptance testing. (Correct)

Answer : Integration testing. Installation testing. Component interface testing. Operational acceptance testing.

Explanation Software Testing types: Integration testing verifies the interfaces between components against a software design. Component interface testing can be used to check the handling of data passed between various units, or subsystem components, beyond full integration testing between those units. Operational acceptance is used to conduct operational readiness (pre-release) of a product, service or system as part of a quality management system. Installation testing is done to assure that the software is installed correctly and working on the actual customer's hardware.

Prior to an external structured audit, we would often do an 'unstructured' audit. Who would perform that?

Options are :

  • IT security staff.
  • Internal auditors. (Correct)
  • Senior management.
  • External auditors.

Answer : Internal auditors.

Explanation Unstructured audits: Internal auditors to improve our security and find flaws, often done before an external audit.

What would be a reason to do misuse case testing on our software?

Options are :

  • To ensure all exposed interfaces are tested.
  • To expose the system to normal user traffic and use.
  • To see how well the software installs on certain hardware systems.
  • Because attackers do not act like normal users, we need to test against that. (Correct)

Answer : Because attackers do not act like normal users, we need to test against that.

Explanation Misuse Case Testing: Executing a malicious act against a system. Attackers won't do what normal users would, so we need to test misuse to ensure our application or software is safe.

Why would we use a Requirements Traceability Matrix (RTM) in software testing?

Options are :

  • To ensure we are secure.
  • To test the code while executing it.
  • To test for malformed input.
  • To map requirements to the testing plan. (Correct)

Answer : To map requirements to the testing plan.

Explanation TM/RTM (Requirements Traceability Matrix): Normally a table, used to map customer requirements to the testing plan using a many-to-many relationship comparison. A requirements traceability matrix may be used to check if the current project requirements are being met, and to help in the creation of a request for proposal, software requirements specification, various deliverable documents, and project plan tasks.

We want to implement a solution to prove our logs have not been altered. Which of these could be an option we would consider?

Options are :

  • Asymmetric encryption.
  • Symmetric encryption.
  • Hashing. (Correct)
  • ARP.

Answer : Hashing.

Explanation Hashing can give us proof of whether a log is the original or was altered. If it is altered, we can't tell what was changed, just that it was changed.

When we are reviewing our audit logs, it is which type of a control?

Options are :

  • Physical.
  • Detective. (Correct)
  • Preventative.
  • Deterrent.

Answer : Detective.

Explanation Audit log review is a detective control; we look at what happened after it happened, looking for patterns and issues.

We are using social engineering, which of these are effective types of social engineering?

Options are :

  • All of these. (Correct)
  • Urgency.
  • Intimidation.
  • Authority.

Answer : All of these.

Explanation Social engineering is often more successful if it uses one or more of these approaches: authority, intimidation, consensus, scarcity, urgency, or familiarity.

A penetration tester is calling an employee. They tell the employee they need to give them the information they are asking for, because the caller is the CEO's executive assistant. What is this an example of?

Options are :

  • Intimidation.
  • Familiarity.
  • Authority. (Correct)
  • Scarcity.

Answer : Authority.

Explanation Social engineering uses people skills to bypass security controls. Authority (someone you trust or are afraid of) - Look and sound like an authority figure, be in charge, this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks.

If we are doing a vulnerability scan, it would normally show us all these, EXCEPT which?

Options are :

  • The OSs used by the systems.
  • Systems on the network.
  • Open ports.
  • Malware. (Correct)

Answer : Malware.

Explanation A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. It will not detect viruses or malware unless the malware has opened ports that shouldn't be open, and even then it would just list the port as open. It is very important to understand the output from a vulnerability scan, which can be 100s of pages for some systems, and how the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability).

Penetration testers have been looking for vulnerabilities for some weeks. What would be the FINAL stage of a penetration test?

Options are :

  • Exploration.
  • Reporting. (Correct)
  • Auditing.
  • Deleting log files.

Answer : Reporting.

Explanation Penetration Testing normally has 6 phases: Planning > Reconnaissance > Scanning (enumeration) > Vulnerability assessment > Exploitation > Reporting. The 6th phase for a real attack would be to delete logs/evidence and install backdoors.

Very technical hacking attempts can be very difficult to pull off. Low tech or no-tech attacks like social engineering can often be successful. Why is that?

Options are :

  • It is very complex.
  • Because of how few employees there are available for them to target.
  • People want to be helpful. (Correct)
  • We give our employees a lot of training to raise awareness of social engineering.

Answer : People want to be helpful.

Explanation Social engineering is often more successful if it uses one or more of these approaches: authority, intimidation, consensus, scarcity, urgency, or familiarity. Often people just want to be helpful or not get in trouble.

We are doing security audits and we test against published standards. Which of these is NOT one of the standards we would test against?

Options are :

  • SOC-2 type 1.
  • RBAC. (Correct)
  • SOC 2 type 2.
  • PCI-DSS.

Answer : RBAC.

Explanation RBAC is role-based access control, not a security audit standard. SOC 2 and PCI-DSS are standards we audit against.

Which type of testing will look for weaknesses but does NOT exploit them?

Options are :

  • Intrusive testing.
  • Penetration testing.
  • Weakness scans.
  • Vulnerability scans. (Correct)

Answer : Vulnerability scans.

Explanation Vulnerability scans look for weaknesses but just report on them; they take no actions.

To ensure our compliance with a certain standard, we have a structured audit. What would that entail?

Options are :

  • Internal auditors looking for flaws.
  • Internal IT Security employees double checking their work.
  • Testing against a published standard.
  • External auditors come in. (Correct)

Answer : External auditors come in.

Explanation Structured audits (3rd party): External auditors there to validate compliance, they are experts and the audit adds credibility. Can also be a knowledge transfer for the organization, required annually in many organizations.

When attackers are war dialing, what are they trying to do?

Options are :

  • Use a modem to call different numbers, looking for an answer with a modem carrier tone. (Correct)
  • Disrupt our wireless access points by transmitting noise on the wireless channels we use.
  • Driving around trying to gain access to unsecured or weak security wireless access points.
  • Calling our dispatch trying to get information through social engineering.

Answer : Use a modem to call different numbers, looking for an answer with a modem carrier tone.

Explanation War dialing: Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone; the penetration tester then attempts to access the answering system. Not really done anymore, but know it for the exam.

After a security audit and penetration testing, we were notified about some security issues on all our switches. We chose not to implement the recommended mitigations this year because it was deemed too expensive. If our switches are compromised who is responsible?

Options are :

  • The security team.
  • The networking team.
  • Senior management. (Correct)
  • The penetration testers.

Answer : Senior management.

Explanation Senior management ultimately makes the decisions and is liable. We as security professionals only advise and suggest; they make the choice.

An attacker, using social engineering, could use all of these EXCEPT which?

Options are :

  • Spear fishing. (Correct)
  • Authority.
  • Consensus.
  • Whale phishing.

Answer : Spear fishing.

Explanation While spear phishing is social engineering, spearfishing is not.

In software testing, we are doing synthetic transactions. What does that mean?

Options are :

  • Build scripts and tools that would simulate normal user activity. (Correct)
  • Passively test the code, but not run it.
  • Test the code while executing it.
  • Submit random malformed input to crash the software or elevate privileges.

Answer : Build scripts and tools that would simulate normal user activity.

Explanation Synthetic transactions (synthetic monitoring): Website monitoring using a Web browser emulation or scripted recordings of Web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end-user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.
