1.8 Flashcards

1
Q

The penetration tester has complete knowledge of the target environment, including its network, systems, applications, and configurations. This allows for more targeted and efficient testing.

A

Known Environment

2
Q

The penetration tester has no prior knowledge of the target environment and must perform reconnaissance and information gathering to gain insights into the target systems. This approach simulates a real-world attack scenario where the attacker has no prior knowledge of the target.

A

Unknown Environment

3
Q

This technique outlines the scope, rules, and limitations of the penetration testing engagement. It helps ensure that the testing is conducted ethically, legally, and within the agreed-upon boundaries.

A

Rules of Engagement

4
Q

The penetration tester has some information about the target environment, such as a list of IP addresses or a limited understanding of the network topology. This approach simulates a scenario where an attacker has some prior knowledge but not complete information.

A

Partially Known Environment

5
Q

This technique involves gaining access to one system and then using that access to pivot to other systems within the network. It helps simulate a real-world attack scenario where an attacker may move laterally through a network to reach their objective.

A

Lateral Movement

6
Q

This technique involves exploiting vulnerabilities to elevate the privileges of the attacker on the target system. It allows the attacker to gain access to additional resources and information within the target environment.

A

Privilege Escalation

7
Q

This technique involves establishing a persistent presence within the target environment, even after the penetration tester has completed their testing. It allows the attacker to maintain access to the target environment and continue to gather information or launch further attacks.

A

Persistence

8
Q

This technique involves removing any traces of the penetration testing activities from the target environment to avoid detection by security personnel. It helps ensure that the testing is conducted ethically and does not cause any harm to the target systems.

A

Cleanup

9
Q

This technique involves offering rewards or incentives to external researchers who find and report security vulnerabilities in a company’s systems or applications. It helps companies identify and address security issues before they can be exploited by attackers.

A

Bug Bounty

10
Q

This technique involves using a compromised system as a platform to launch further attacks on other systems within the target environment. It allows the attacker to move laterally through the network and gain access to additional resources and information.

A

Pivoting

11
Q

This technique involves using unmanned aerial vehicles (UAVs) to gather information about a target environment, such as taking pictures of a building or its surrounding area. It can provide valuable insights into physical security measures and potential vulnerabilities.

A

Drones

12
Q

This technique involves using wireless-enabled devices, such as laptops or smartphones, to search for wireless access points (WAPs) and gather information about the target network. It can help identify potential vulnerabilities in the wireless network and determine the strength of its security measures.

A

War Flying

13
Q

This technique is similar to war flying but involves driving a vehicle equipped with a wireless-enabled device to search for WAPs. It can provide a broader view of the target network and identify potential vulnerabilities in the wireless network.

A

War Driving

14
Q

This technique involves gathering information about the target environment, such as its network architecture, systems, applications, and personnel, to identify potential vulnerabilities. It can be done through publicly available sources, such as social media or company websites, or through more advanced techniques, such as port scanning or network mapping.

A

Footprinting

15
Q

OSINT (Open-Source Intelligence) is a technique of collecting information about the target environment from publicly available sources, such as social media, news articles, and government records. It can provide valuable insights into the target organization’s operations, personnel, and security posture, and help identify potential vulnerabilities.

A

OSINT

16
Q

This team is a group of individuals who are responsible for performing offensive operations against a target environment to simulate a real-world attack. It is typically composed of experienced penetration testers who use a variety of techniques and tools to identify vulnerabilities in the target environment. The goal of this team is to test the effectiveness of the organization’s security measures and identify areas for improvement.

A

Red Team

17
Q

This team is a group of individuals who are responsible for defending the target environment against attacks. It is typically composed of security professionals who use a variety of techniques and tools to monitor and protect the target environment. The goal of this team is to detect and respond to attacks in real time, minimize the impact of the attack, and improve the organization’s security posture.

A

Blue Team

18
Q

This team is a group of individuals who are responsible for overseeing and coordinating the Red and Blue Teams. It is typically composed of senior security professionals who are responsible for designing the penetration testing engagement, setting the rules of engagement, and monitoring the testing to ensure that it is conducted ethically and within the agreed-upon boundaries.

A

White Team

19
Q

This is a hybrid team that combines the capabilities of the Red and Blue Teams. It is typically composed of experienced penetration testers and security professionals who work together to identify vulnerabilities in the target environment and improve the organization’s security posture. The goal of this team is to collaborate and share knowledge between the Red and Blue Teams, which can lead to a more effective penetration testing engagement and better overall security for the organization.

A

Purple Team