1.4 Explain penetration testing concepts Flashcards

1
Q

Which phase of a penetration test uses a phishing email and payload, or obtains credentials via social engineering to gain access to the target’s network?

A

Initial exploitation

2
Q

Which type of penetration test requires the tester to perform partial reconnaissance?

A

Gray box

3
Q

During which type of penetration test does the tester specifically include the reconnaissance phase of the test?

A

Black box

4
Q

What type of pen test allows the tester to use default credentials to log into the system, after discovering a vulnerability on a server?

A

Active reconnaissance. Logging in with default credentials means interacting directly with the target, so it cannot be passive reconnaissance; in the attack life cycle, gaining access this way is the initial exploitation step.

5
Q

A pen tester gathers some information about a target to find a way in remotely. After gaining access, what other penetration technique should the tester perform before carrying out further reconnaissance?

A

Persistence

6
Q

What is a system susceptible to if a user with system access can obtain cryptographic keys from system memory, pagefiles or scratch disks?

A

Privilege escalation

7
Q

initial exploitation phase

A

In the initial exploitation phase, an exploit is used to gain access to the target’s network. This initial exploitation might be accomplished using a phishing email and payload, or by obtaining credentials via social engineering.

8
Q

Pen testing

A

Penetration testing is classed as an active reconnaissance technique. Active techniques include gaining physical access to premises or using scanning tools against the target's systems.

9
Q

Open Source Intelligence (OSINT)

A

Publicly available information, and the tools for searching it, are referred to as Open Source Intelligence (OSINT). Gathering this kind of information is passive reconnaissance.

10
Q

pivot point

A

A system and/or set of privileges that allows the tester to compromise other network systems (lateral spread). The initial exploit might give the tester local administrator privileges on one host, which can then be used to obtain privileges on other machines.

11
Q

black box

A

During a black box pen test, the consultant is given no privileged information about the network, its security systems and its configuration. Black box tests are useful for simulating the behavior of an external threat

12
Q

white box pen test

A

During a white box pen test, the consultant is given complete access to information about the network. This type of test is sometimes conducted as a follow-up to a black box test, to fully evaluate flaws discovered during the black box test

13
Q

gray box pen test

A

During a gray box pen test, the consultant is given some information about the network. This resembles the knowledge a junior or non-IT employee would have, so it models certain insider threats.

14
Q

sandbox environment

A

Ideally, pen tests should be performed in a sandbox environment that accurately simulates the production environment, so that the test cannot disrupt live systems.

15
Q

Vulnerability scanning

A

Vulnerability scanning is classed here as a passive reconnaissance technique. Passive reconnaissance is unlikely to alert the target of the investigation, because it relies on querying publicly available information.

16
Q

Active reconnaissance

A

Carries more risk of detection than passive reconnaissance. Active techniques might involve gaining physical access to premises or using scanning tools against the target's web services and other networks.

17
Q

Action on objectives

A
  • means carrying out the work defined by the tester or client once access has been obtained
  • data exfiltration (the adversary or tester copying data out of one or more compromised systems) is the usual example of an objective
18
Q

initial exploitation phase

A
  • an exploit is used to gain some sort of access to the target's network
  • occurs after gathering initial information about the target to work out which vulnerabilities are available to exploit. Persistence occurs after the initial exploitation
  • sometimes labelled "weaponization", though in the Lockheed Martin Cyber Kill Chain weaponization is the separate step of building the payload, which precedes delivery and exploitation
19
Q

Persistence

A

Follows initial exploitation and is itself followed by further (internal) reconnaissance in the pen test attack life cycle. Persistence is the tester's ability to reconnect to the compromised host at will, typically by installing a remote access tool (RAT) or backdoor on it.

21
Q

SQL injection

A

An SQL injection attack places SQL syntax in user input that the application splices into a query string; the injected syntax is then parsed as part of the query, allowing the attacker to extract or insert database contents or, on some database servers, execute arbitrary code.
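
To make the mechanism concrete, the following added example (written for this page, not code from the original flashcards or any product) builds a small in-memory SQLite users table and compares a login query that splices user input into the SQL string with one that uses bound parameters. The table contents, column names and the payload `' OR '1'='1' --` are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
USERS = [
    ("alice", "s3cret", "admin"),
    ("bob", "hunter2", "user"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable: user input is spliced into the SQL string, so quote
    characters in the input are parsed as query syntax rather than as data."""
    query = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened: a parameterized query passes the input as bound values, so the
    same characters never reach the SQL parser as syntax."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Classic tautology payload: closes the string literal, makes the WHERE clause
# always true, and the trailing "--" comments out the password check.
PAYLOAD = "' OR '1'='1' --"


def demo() -> dict:
    """Run the payload through both versions and a legitimate login through
    the safe one; returns the rows each query produced."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, PAYLOAD, "anything"),
        "safe": login_safe(conn, PAYLOAD, "anything"),
        "legit": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Run it directly: the vulnerable query returns every row because the injected `OR '1'='1'` makes the WHERE clause always true and `--` comments out the password comparison; the parameterized query returns nothing because the same characters arrive as a literal username value, and the legitimate login still works.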

22
Q

Directory traversal

A

An attack in which a request contains path elements such as ../ so that the web server reads a file outside its document root (the directory it is meant to serve from).
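
As an added example (not from the original page), the following builds a throwaway document root in a temporary directory with a file one level above it, then shows a file-serving function that joins the requested path onto the root with no containment check beside one that resolves the path and rejects anything outside the root. The directory layout, file names and contents are constructed for the demonstration.

```python
import os
import shutil
import tempfile
from pathlib import Path


def make_web_root() -> Path:
    """Create a constructed web root with one public file, plus a 'secret'
    file one level above it standing in for anything outside the served tree."""
    base = Path(tempfile.mkdtemp())
    root = base / "htdocs"
    root.mkdir()
    (root / "index.html").write_text("<h1>hello</h1>")
    (base / "secret.txt").write_text("outside-the-webroot")
    return root


def read_vulnerable(root: Path, requested: str) -> str:
    """Vulnerable: the request path is joined to the document root without
    checking that the result stays inside it, so '../' walks out of the tree."""
    path = os.path.join(str(root), requested)
    with open(path) as fh:
        return fh.read()


def _inside(root: Path, target: Path) -> bool:
    """True if target is root itself or lies beneath it. Compares resolved path
    components, so /srv/htdocs2 is not mistaken for a child of /srv/htdocs."""
    return target == root or root in target.parents


def read_safe(root: Path, requested: str) -> str:
    """Hardened: resolve the joined path (following symlinks) and require it to
    remain within the resolved document root before opening it. An absolute
    request path replaces the root when joined, so it is rejected too."""
    root_real = root.resolve()
    target = (root_real / requested).resolve()
    if not _inside(root_real, target):
        raise PermissionError(f"path escapes document root: {requested}")
    with open(target) as fh:
        return fh.read()


def demo() -> dict:
    """Serve a legitimate file and a traversal request through both versions."""
    root = make_web_root()
    results = {
        "vuln_legit": read_vulnerable(root, "index.html"),
        "vuln_traversal": read_vulnerable(root, "../secret.txt"),
        "safe_legit": read_safe(root, "index.html"),
    }
    for label, req in (("safe_traversal", "../secret.txt"),
                       ("safe_absolute", "/etc/hostname")):
        try:
            read_safe(root, req)
            results[label] = "allowed"
        except (PermissionError, FileNotFoundError):
            results[label] = "blocked"
    shutil.rmtree(root.parent)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable reader happily returns the contents of `secret.txt`; the hardened one refuses the same request because the resolved target is not beneath the resolved root. The check works on path components after resolution, so `../`, absolute paths and symlinks that point outside the root are all caught, while a sibling directory whose name merely starts with the root's name is not confused with a child of it.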

23
Q

Transitive access

A

describes the problem of authorizing a request for a service that depends on an intermediate service: the user is authorized to the front-end service, which must then either be trusted by, or propagate the user's identity to, the back-end service it calls on the user's behalf

24
Q

Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and internal reconnaissance?

A

Obtain a pivot point

25
Q

pivot point

A

Having obtained a persistent foothold on the network and performed internal reconnaissance, the next likely objective is to obtain a pivot point, and compromise other network systems (lateral spread)

26
Q

A pen tester discovered that a certain vulnerability did not get patched on an SQL server. The pen tester then exploited the vulnerability with code injection and owned the server. Which of the following best describes this technique?

A

Active reconnaissance

27
Q

What is the difference between vulnerability scanning and penetration testing?

A

Vulnerability scanning is passive (it identifies weaknesses without exploiting them) and penetration testing is active (it attempts to exploit them)

28
Q

During which type of penetration test does the tester skip the reconnaissance phase of the test?

A

White box
