1.4 Explain penetration testing concepts Flashcards
Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and performing internal reconnaissance?
Obtain a pivot point
During which type of penetration test does the tester specifically include the reconnaissance phase of the test?
Black box
Which of the following is a system susceptible to, if a user with system access can obtain keys from the system memory or pagefiles and scratch disks?
Privilege escalation
What type of pen test allows the tester to use default credentials to log into the system, after discovering a vulnerability on a server?
Passive reconnaissance
Vulnerability scanning generally uses passive reconnaissance techniques. Passive reconnaissance is not likely to alert the target of the investigation as it means querying publicly available information.
Active reconnaissance has more risk of detection. Active techniques might involve gaining physical access to premises or using scanning tools on the target’s web services and other networks.
Action on objectives refers to the adversary or penetration tester stealing data from one or more systems (data exfiltration).
In the initial exploitation (a.k.a. weaponization) phase, an exploit is used to gain some sort of access to the target’s network.
Initial exploitation cannot be performed under which of the following circumstances?
Host scanning
During which type of penetration test does the tester skip the reconnaissance phase of the test?
White box
What is the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is passive and penetration testing is active.
Which phase of a penetration test uses a phishing email and payload, or obtains credentials via social engineering to gain access to the target’s network?
Initial exploitation
A pen tester gathers some information about a target to find ways to gain remote access. After gaining access, which other penetration technique should the tester perform before performing further reconnaissance?
Persistence
A pen tester discovered that a certain vulnerability did not get patched on an SQL server. The pen tester then exploited the vulnerability with code injection and owned the server. Which of the following best describes this technique?
Active reconnaissance