1.8 Explain the techniques used in penetration testing. Flashcards

1
Q

During a pentest, which team acts as the facilitators?

A

Purple Team

2
Q

During a pentest, which team is responsible for setting the rules of engagement and monitoring the pen test?

A

White Team: This group typically consists of the managers or team leads.

3
Q

During a pentest, which team is one of the two teams competing in the pen test, in a defensive role?

A

Blue Team

4
Q

During a pentest, which team is competing in an offensive role?

A

Red Team

5
Q

What is footprinting?

A

obtaining information about a host or network topology

6
Q

What is persistence in the pen test steps?

A

occurs when the pen tester attempts to map out the internal network and discover the services running on it and accounts configured to access it.

7
Q

What are the steps in a pentest?

A
  1. Perform Reconnaissance
  2. Scan/enumerate
  3. Gain Access
  4. Maintain Access
  5. Report
8
Q

Type of pen test where the ethical hacker is given partial information about the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

A

Gray box

9
Q

Type of pen test where the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats.

A

Black box

10
Q

Type of pen test where the ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

A

White box

11
Q

In a pen test, what happens during the perform reconnaissance phase?

A

The first phase in the pentesting process is reconnaissance, also known as footprinting. In this phase, the pentester begins gathering information on the target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving.

12
Q

In a pen test, what happens during the scan/enumerate phase?

A

Running scans on the target is the second phase. During this phase, the ethical hacker is actively engaged with the target.
Enumeration is part of the scanning phase. Enumeration uses scanning techniques to extract information such as:

Usernames
Computer names
Network resources
Share names
Running services

13
Q

In a pen test, what happens during the gain access phase?

A

The third phase takes all of the information gathered in the reconnaissance and scanning phases to exploit any discovered vulnerabilities in order to gain access.
After gaining access, the pentester can perform lateral moves, pivoting to other machines on the network. The pentester will begin trying to escalate privileges with the goal of gaining administrator access.

14
Q

In a pen test, what happens during the maintain access phase?

A

Once the pentester has gained access, maintaining that access becomes the next priority. This can be done by installing backdoors, rootkits, or Trojans.

15
Q

In a pen test, what happens during the report phase?

A

The final phase is generating the test results and supporting documentation. After any penetration test, a detailed report must be compiled. Documentation provides extremely important protection for both the penetration tester and the organization.

16
Q

OSINT

A

Open Source Intelligence (OSINT) gathering refers to using web search tools and social media to obtain information about the target and is part of the reconnaissance phase.

17
Q

What is war flying?

A

War flying is war driving, but in the air with a drone or unmanned aerial vehicle (UAV). This maps the location and type of wireless networks operated by the target.

18
Q

What step should the pen tester take before internal recon?

A

Persistence