1.4 Explain penetration testing concepts

Question 1

Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and internal reconnaissance?

Answer 1

Obtain a pivot point

Question 2

During which type of penetration test does the tester specifically include the reconnaissance phase of the test?

Answer 2

Black box

Question 3

Which of the following is a system susceptible to, if a user with system access can obtain keys from the system memory or pagefiles and scratch disks?

Answer 3

Privilege escalation

Question 4

What type of pen test allows the tester to use default credentials to log into the system, after discovering a vulnerability on a server?

Answer 4

Passive reconnaissance

Vulnerability scanning generally uses passive reconnaissance techniques. Passive reconnaissance is not likely to alert the target of the investigation as it means querying publicly available information.

Active reconnaissance has more risk of detection. Active techniques might involve gaining physical access to premises or using scanning tools on the target’s web services and other networks.

Action on objectives refers to the adversary or penetration tester stealing data from one or more systems (data exfiltration).

In the initial exploitation (a.k.a. weaponization) phase, an exploit is used to gain some sort of access to the target’s network.

Question 5

Initial exploitation cannot perform under which of the following circumstances?

Answer 5

Host scanning

Question 6

During which type of penetration test does the tester skip the reconnaissance phase of the test?

Answer 6

White box

Question 7

What is the difference between vulnerability scanning and penetration testing?

Answer 7

Vulnerability scanning is passive and penetration testing is active.

Question 8

Which phase of a penetration test uses a phishing email and payload, or obtains credentials via social engineering to gain access to the target’s network?

Answer 8

Initial exploitation

Question 9

A pen tester gathers some information about a target to find ways for remote access. After gaining access, what other penetration techniques should a tester perform before performing further reconnaissance?

Answer 9

Persistence

Question 10

A pen tester discovered that a certain vulnerability did not get patched on an SQL server. The pen tester then exploited the vulnerability with code injection and owned the server. Which of the following best describes this technique?

Answer 10

Active reconnaissance

Question 11

What type of pen test allows the tester to use default credentials to log into the system, after discovering a vulnerability on a server?

Answer 11

Passive reconnaissance

Vulnerability scanning generally uses passive reconnaissance techniques. Passive reconnaissance is not likely to alert the target of the investigation as it means querying publicly available information.

Active reconnaissance has more risk of detection. Active techniques might involve gaining physical access to premises or using scanning tools on the target’s web services and other networks.

Action on objectives refers to the adversary or penetration tester stealing data from one or more systems (data exfiltration).

In the initial exploitation (a.k.a. weaponization) phase, an exploit is used to gain some sort of access to the target’s network.