1 - Intro 2 Pen Testing Flashcards

1
Q

What is Pen Testing?

A

Evaluates an organization's ability to protect its infrastructure from external and internal threats. Simulates an attack to analyze weaknesses and design flaws. Afterwards, a comprehensive report is provided.

2
Q

What are the benefits of Pen Testing?

A
  • Identifies threats
  • Provides assurance that org is at appropriate risk level
  • Determines business impact
  • Helps prevent exploitation
  • ROI on security
  • Achieves compliance
3
Q

What components make up ROI?

A

ROI = (Expected Returns - Cost of Investment) / Cost of Investment

4
Q

What is the difference between Pen Testing, Security Audits, and Vulnerability Assessments?

A
  • Security Audits check whether the organization is following a set of policies and procedures.
  • Vulnerability Assessments discover vulnerabilities but neither exploit them nor determine business impact.
  • Pen Testing incorporates audits and vulnerability assessments and demonstrates whether vulnerabilities can actually be exploited.
5
Q

What are the types of Pen Testing?

A
  • Black Box: Tester has no previous knowledge of the target network. Takes a lot of info gathering and assessment. Can be very time consuming. Simulates real hacking.
    • Blind Testing: Simulates methodologies of a real hacker
    • Double-Blind Testing: Few people in the org know about the testing.
  • White Box: Tester has complete knowledge of infrastructure; tester knows exactly what they have to test.
    • Announced Testing: Attempts to compromise with full cooperation/knowledge of IT staff.
    • Unannounced Testing: Attempt to compromise systems without knowledge of IT security personnel. Only the upper management is aware.
  • Gray Box: Combo of Black box and White box. Tester has limited knowledge; performs security assessment and testing internally. Tests apps for all vulnerabilities.
6
Q

How do the types of pen testing compare in cost and comprehensiveness?

A

| Type  | Cost | Comprehensive |
|-------|------|---------------|
| Black | $$   | X             |
| White | $$$  | XXX           |
| Gray  | $    | XX            |

7
Q

How do you select the appropriate type of test?

A

Depends on the time, goals, demands, and resources available. Black box is good for testing whether the organization's security can be compromised. White and Gray box are useful when considering the advantage in time and resources a real attacker may have.

8
Q

What are the different ways of Pen Testing?

A
  • Automated: Performed with the help of various commercial and open-source tools. Covers only 45% of known vulnerabilities.
  • Manual: Done by an individual or group who are experts in pen testing. Reduces the number of false positives.

**The ideal pen test is one that uses automated tools but is led by human intelligence and insight**

9
Q

What are the different areas of Pen Testing?

A
  • Network: Helps identify security issues in network design. (Insecure protocols, open ports/services, unpatched OS/software, misconfiguration)
  • Web Application: Detects security issues in web apps due to insecure design and development practices. (Injection vulnerabilities, broken authentication, broken session management, weak crypto, error handling)
  • Social Engineering: Helps identify employees who do not properly authenticate, follow, validate, and handle the processes and technology. (Malicious emails, phishing, reveal sensitive info, allowing unauthorized entry)
  • Wireless Network: Helps identify misconfigurations in wireless network infrastructure. (Rogue A.P.’s, weak encryption)
  • Mobile Device: Helps identify security issues associated with mobile devices (implementation of BYOD, unauthorized mobile devices, rooted/jailbroken mobile devices, insecure WiFi networks)
  • Cloud: Helps identify security issues in the cloud infrastructure (Insufficient data protection, poor access management, insecure interfaces/API, insider threats)
10
Q

What is the Pen Testing process?

A
  • Defining the Scope: Extent of testing, who and where
  • Performing the Pen Test: Info gathering, testing target environment
  • Reporting and Delivering Results: Listing vulnerabilities, severity, recommended fixes
11
Q

What are the Pen Testing phases?

A
  • Pre-Attack Phase: Info Gathering
  • Attack Phase: Testing/Exploitation
  • Post-Attack Phase: Documentation and reporting
12
Q

What are some Pen Testing methodologies?

A

A methodology ensures that the exercise is done in a standard manner with documented and repeatable results.

  • Proprietary:
    • EC-Council LPT
    • IBM
    • ISS
    • McAfee Foundstone
  • Open-Source:
    • OSSTMM
    • ISSAF
    • NIST
    • OWASP
13
Q

What is the EC-Council LPT Pen Testing methodology?

A
  • Information Gathering
  • Scanning and Reconnaissance
  • Fingerprinting and Enumeration
  • Vulnerability Assessment
  • Exploit Research and Verification
  • Reporting
14
Q

What makes a good Pen Test?

A
  • Establishing parameters
  • Hiring skilled professionals
  • Suitable set of tests
  • Methodology
  • Documenting the results
15
Q

When should Pen Testing be performed?

A
  • Changes in infrastructure
  • A new threat is discovered
  • Updated or re-installed hardware/software
  • Change in organization’s policy
16
Q

What are the ethics of a Pen Tester?

A
  • Obtain written permission from the client
  • Work according to the non-disclosure and liability clauses of the contract
  • Test tools in an isolated lab prior to the actual pen test
  • Inform the client of any possible risks
  • Notify the client as soon as you discover a highly vulnerable system
  • Deliver social engineering test results only in summarized format
  • Maintain a degree of separation between the criminal hacker and the security professional
17
Q

What is the profile of a good pen tester?

A
  • Has conducted research and development in the security area
  • Has published research papers
  • Has presented at various seminars
  • Holds various certs
  • Is a member of many respectable organizations such as IEEE
  • Has written and published security-related books
18
Q

What are the types of risks that could arise in Pen Testing?

A
  • Technical: Arises directly from testing targets in the production environment (failure of target, disruption of service)
  • Organizational: Repetitive and unwanted triggering of incidents, alert fatigue, loss of reputation
  • Legal: Violation of laws
19
Q

How can a tester minimize risks?

A
  • Use indirect testing
  • Limit Vulnerability Exploitation: demonstrate the vulnerability instead of exploiting it
  • Delay the Effect of the Test: schedule the test so there is enough time to prepare for it or cancel it
  • Perform Interruptible Testing: be able to pause the test
  • Be Careful with Throttled Tools: throttled tests can still overload the target
  • Be Aware of Account Lock-Out Functionality: repeated tests can lock out accounts
  • Use Partial Isolation and Replication of the Target Environment: testing should be done on a dedicated test system