Which statement best captures the ongoing nature of security after a penetration test?

• A. There will always be new threats to security.
• B. Security is static once implemented.
• C. Monitoring and updating are continuous requirements.
• D. All systems remain secure after one exercise.

Answer: (C)

After a penetration test, security becomes an ongoing process of monitoring and updating. A test shows what’s vulnerable at a moment in time, but the environment is always changing—new threats appear, systems are updated, and configurations drift. To keep defenses effective, you continuously monitor for signs of compromise, apply patches and harden configurations, manage ongoing vulnerabilities, and periodically re-test to ensure fixes hold. This continuous cycle of detect, remediate, and verify is what keeps security resilient over time. While it’s true that threats keep evolving and that security isn’t static, the essential practice is the persistent, active maintenance and validation of controls.