Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Practice > (1) Pentest (Conducting Discovery and execution) > Flashcards

(1) Pentest (Conducting Discovery and execution) Flashcards

1
Q

What do pentesters do during the discovery phase of a penetration test?

A

During the discovery phase of a penetration test, pentesters:

-Perform recon and try to get as much data as they can about the item being tested, be it devices, users, apps, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

When conducting discovery, what outside sources may a pentester use when performing this action?

A

When conducting discovery, a pentester may use:

-Publically available material, performing port scans

-Vulnerability scanners and web app testing programs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What do pentesters do during the attack portion of a pentest?

A

During the attack portion, pentesters try to break through the security controls to get access to systems and apps that the org uses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Name the 4 attack phase steps that pentesters use when conducting their pentests

A

Pentesters use four attack phase steps, they are:

-Gaining Access

-Escalating Privileges

-System browsing

-Install Additional Tools

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Within the four attack phase steps, describe the first step: Gaining access

A

In the gaining access step, the pentester has obtained enough data about the target and now is going to try to access the target.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Within the four attack phase steps, describe the second step: Escalating Privileges

Also, describe what the results of this step depend on

A

In the escalation privileges step, the pentester tries to get total control of the system if they are able to access the system.

This step is highly contextual because if the pentester is able to get full admin access, it opens up more options to them. If they only have user based access, then they won’t have as many options, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Within the four attack phase steps, describe the third step: System Browsing

A

In the system browsing step, the pentester does a new information gathering process to see what info they can gather to infiltrate deeper systems with the new info that they have obtained, provided they can get any new info.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Within the four attack phase steps, describe the fourth (and final) step: Install Additional Tools

A

In the install additional tools step, the pentester puts additional pentesting tools in place to get even more information or access (or both).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When does a pentest officially end?

A

A pentest officially ends when the time allotted for the pentest expires or the pentester exhausts all possibilities that they have given the context of the pentest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Practice (77 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions