Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security+ SY601 RC > 1: 8 Penetration Testing and Exercises > Flashcards

1: 8 Penetration Testing and Exercises Flashcards

1
Q

Goal of penetration testing

A

Defeat security controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What should be done before pen-testing

A

Document rules and scope of testing i.e. target systems, permitted techniques
Create Rules of Engagement document

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Penetration Testing - Attackers

A

Security Professionals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

WhiteBox Test

A

Attacker has full knowledge of the system, simulating an internal attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

BlackBox Test

A

Attacker has no knowledge of the system, simulating an external attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Graybox Attack

A

Attacker has some knowledge of system, commonly used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Discovery Phase

A

Finding a potential path - active and passive reconnaissance to collect information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Attack Phase

A

Gaining access, escalating privileges, system browsing, install additional tools

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Pivot

A

After gaining access to system, the attacker can move to more desirable systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Persistence

A

Installing tools on that system to allow future access independent of initial vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Clean-Up

A

Removing evidence of attack once job is completed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which phases should penetration testing attacks loop between?

A

Discovery and Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Bug Bounty

A

Pay money through a program for people to identify bugs in a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Who manages bug bounties?

A

Usually Third Parties, but sometimes self-managed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Cybersecurity Exercise

A

Identifies vulnerabilities while providing experience in defending and attacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Who are the 3 teams in a cybersecurity exercise?

A

Red, Blue, White

17
Q

Red Team

A

Attacks

18
Q

Blue Team

A

Defenders (usually get a head start)

19
Q

White Team

A

Observers and Judges

20
Q

Purple Teaming

A

Sharing information

21
Q

Capture the Flag Scoring

A

Each team in a cybersecurity exercise gets a list of objectives to complete and points for completing each objective.

Security+ SY601 RC (29 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions