
CISSP Study Plan – Day 30 of 55 | Penetration Testing and the CISSP Exam

Updated: 4 days ago


"It's a lonely journey, but man, that ending is worth it!!"– Luke Ahmed

Today is Day 30 of Yihenew’s CISSP study plan, focusing on penetration testing — a critical concept that blends technical skill with management-level understanding of risk validation.


Key Areas Covered:

  • Purpose of Pen Testing — to simulate real-world attacks and test how effective existing controls are, both technically and procedurally.

  • Pen Test vs. Vulnerability Scan — vulnerability scans identify potential issues automatically; penetration tests validate exploitation potential manually or semi-manually.

  • Types of Pen Tests:

    • Black Box — tester has no prior knowledge; mimics an external attacker.

    • Gray Box — partial knowledge; simulates an insider or partner.

    • White Box — full system knowledge; evaluates defense from the inside.

  • Rules of Engagement — scope, timing, tools, escalation procedures, and written authorization are mandatory before testing.

  • Post-Test Activities — reporting, evidence preservation, remediation tracking, and retesting to confirm fixes.

  • CISSP Exam Tie-In — expect scenario questions that differentiate ethical hacking from malicious activity or unauthorized testing. The focus is on risk justification, not exploitation technique.
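
As an added illustration of the rules-of-engagement point above (this is example code, not part of Yihenew's study notes or any tool the post mentions), the following pre-engagement gate refuses to start testing unless written authorization is on file, the current time falls inside the approved window, and every target is in the authorized scope and not on the exclusion list. The `RulesOfEngagement` fields, the `preflight` function and the sample engagement are all constructed for this example.

```python
# Added example: a pre-engagement gate enforcing the rules of engagement
# (authorization, time window, scope) before any testing begins.
from dataclasses import dataclass, field
from datetime import datetime, timezone
import ipaddress

def utc(*parts):
    """Build a timezone-aware UTC datetime from (year, month, day, hour, minute)."""
    return datetime(*parts, tzinfo=timezone.utc)

@dataclass
class RulesOfEngagement:
    client: str
    authorized_by: str          # manager or executive who signed the authorization
    signed_on: datetime         # date of the written authorization
    window_start: datetime      # approved testing window (UTC)
    window_end: datetime
    in_scope: list              # CIDR ranges or hostnames explicitly permitted
    excluded: list = field(default_factory=list)  # explicitly off-limits

def _matches(target, entry):
    """IP target vs. CIDR entry, or hostname vs. literal hostname entry."""
    try:
        return ipaddress.ip_address(target) in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return target.lower() == entry.lower()

def preflight(roe, targets, now):
    """Return the list of blocking problems; an empty list means testing may begin."""
    problems = []
    if not roe.authorized_by or roe.signed_on is None:
        problems.append("no written authorization on file")
    elif roe.signed_on > now:
        problems.append("authorization is post-dated")
    if not (roe.window_start <= now <= roe.window_end):
        problems.append("outside approved window")
    for t in targets:
        if any(_matches(t, e) for e in roe.excluded):
            problems.append(f"{t} is explicitly excluded")
        elif not any(_matches(t, e) for e in roe.in_scope):
            problems.append(f"{t} is not in the authorized scope")
    return problems

# Constructed sample engagement (hypothetical client, ranges and dates).
SAMPLE_ROE = RulesOfEngagement(
    client="Example Corp (constructed)", authorized_by="CISO",
    signed_on=utc(2024, 3, 1),
    window_start=utc(2024, 3, 4, 22, 0), window_end=utc(2024, 3, 5, 6, 0),
    in_scope=["10.20.0.0/24", "app.example.com"], excluded=["10.20.0.5/32"],
)
```

Every problem the gate reports maps to an item in the rules of engagement, which is the evidence a reviewer would want preserved alongside the test report.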


In this CISSP study plan session, Yihenew explored how true security testing isn’t about breaking things — it’s about verifying protection levels and communicating risk back to management.


Quick CISSP Practice Question

Which of the following is the most important step before beginning a penetration test?

A. Identifying system vulnerabilities

B. Gaining written authorization from management

C. Collecting open-source intelligence

D. Performing social engineering


Correct Answer: B. Gaining written authorization from management

Explanation:

  • Written authorization defines scope, rules, and boundaries — without it, the test is unauthorized and potentially illegal.

  • Vulnerability identification, reconnaissance, and exploitation occur after authorization.

  • CISSP expects you to connect pen testing to governance and risk approval, not just technical activity.


Think Like a Manager: Before acting, always ask — Who approved this risk? In CISSP, legality, consent, and documentation always come before execution.


Check out Yani's TikTok or see Day 29 or Day 31.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass the CISSP on the first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on the first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best, future CISSP. Feel free to contact me anytime as well.


Thank you.

