03- Penetration Testing Flashcards

1
Q

Acceptable use policy

A

how to use corporate systems and for what they are allowed to be used

2
Q

COPPA

A

Regulates the ways that website operators can interact with children under the age of 13

3
Q

Core Impact

A

The guru of automated penetration testing; it’s the tool that every penetration tester would love to own and use.

4
Q

External Testing

A

focused on the server’s infrastructure and underlying software pertaining to the target; can be performed with no prior knowledge of the site or with full disclosure of the topology and environment

5
Q

FERPA

A

Governs the handling and disclosure of student educational records by educational institutions

6
Q

GLBA

A

Requires that financial institutions develop and implement an information security program that is based upon a risk assessment and a formal written security plan

7
Q

hacking

A

Is, unfortunately, a loaded term that in some ways defies definition. Very simply, it is an intrusion upon a system. In some cases, as with Certified Ethical Hackers, this intrusion is solicited for the purpose of identifying and ultimately resolving network vulnerabilities. In other cases, hacking denotes unauthorized access. In some cases, the term “hacker” is used synonymously with “programmer”.

8
Q

HIPAA

A

Requires that health care providers, health plans, and health care information clearinghouses follow a set of security and privacy standards for protected health information

9
Q

Internal testing

A

simulates what an insider attack could accomplish. The targets are the same as external pentesting, but the difference is the attacker either has authorized access or is starting from a point within the internal network.

10
Q

keylogger

A

Is a piece of software that secretly records all the keys pressed on a victim’s computer and then saves them to a log file. Some log files are sent automatically to the attacker or retrieved at a later date. Keystroke loggers can capture keystrokes, screenshots, and other activities on a computer. Keylogging software can be deployed to a computer by email, FTP, remote installation, or by plugging a small device (e.g., a USB stick) into the back of a PC where the victim rarely looks.

11
Q

Metasploit

A

A manual exploitation framework, with a plugin, “Armitage”, that automates the pen test.

12
Q

Nexpose

A

a sister tool to Metasploit; it is made by the same company, Rapid7

13
Q

PCI DSS

A

Regulates merchants and service providers involved in the storage, processing, and transmission of credit and debit card information

14
Q

Pen testers

A

Penetration testers; the people who perform penetration testing, also called ethical hackers.

15
Q

Penetration testing

A

Is also referred to as ethical hacking; however, the validity of the term “ethical hacker” is still debated today. The primary difference between penetration testing and vulnerability scanning is that penetration testing actually exploits a vulnerability, and access to a target resource is obtained to prove without a doubt that the system or resource is vulnerable to attack. As with vulnerability scanning, penetration testing should occur routinely and only with the permission of the owner whose systems and network are being targeted. Penetration testing can be carried out using a wide range of tools or with a vendor-provided solution.

16
Q

security assessment

A

Where security policy creation, risk identification, vulnerability scanning, vulnerability assessment, security audit, and penetration testing are used together effectively to give the best result in securing an environment.

17
Q

security audit

A

reviews the configuration of security controls (firewall, IDS, WAF, etc.)

18
Q

SOX

A

Governs the financial accounting practices of publicly traded companies and the implementation of security controls around systems that handle financially significant information

19
Q

Vulnerability

A

A weak link in the software, settings, etc., through which, if not fixed early, someone can gain access to the computer, application, and/or network and cause damage.