1.8 Explain the techniques used in penetrating testing Flashcards

1
Q

A form of security evaluation that involves the same tools, techniques, and skills of real-world criminal hackers as a methodology to test the deployed security infrastructure of an organization. Understand announced vs. unannounced test. An announced test means

A

Penetration Testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Means everyone in the organization knows the penetration assessment is taking place and when.

A

Announced Pentest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Performed without the IT or security staff being aware of it.

A

Unannounced Pentest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The process of capturing the initial response or welcome message from a network service that may directly or indirectly reveal its identity.

A

Banner Grabbing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Makes use of knowledge about how an organization is structured, what kinds of hardware and software it uses, and its security policies, processes, and procedures.

A

Known Environment Testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Proceeds without using any initial knowledge of an organization. It provides a realistic external criminal hacker perspective on the security stance of an organization.

A

Unkown Environment Testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Combines the two other approaches to perform an evaluation based on partial knowledge of the target environment.

A

Partially Known Environment Testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A penetration testing document that defines the means and manner in which the testing is to be performed and conducted.

A

Rules of Engagement (RoE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When pivoted attacks are successful and the attacker gains some level of remote control over another system.

A

Lateral Movement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Any attack or exploit that grants the attacker greater privileges, permissions, or access.

A

Privilege Escalation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The characteristic of an attack that maintains long-term remote access to and control over a compromised target.

A

Persistence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The process of removing any lingering hacking tools, sensors, or devices left behind during the various stages of the penetration test.

A

Pentest Cleanup

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Payment to programmers, developers, and ethical hackers to discover a flaw in a service, site, product, system, device, etc., and they responsibly and privately report it to the vendor.

A

Bug Bounty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The action or ability to compromise a system and then using the privileges or access gained through the attack to focus attention on another target that may not have been visible or exploitable initially.

A

Pivoting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The activity of gathering information about a target without interacting with the target.

A

Passive Reconnaissance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Active reconnaissance is the idea of collecting information about a target through interactive means.

A

Active Reconnaissance

17
Q

The act of using a detection tool to look for wireless networking signals.

A

War Driving

18
Q

The gathering of data from publicly available resources. It is mostly a form of passive reconnaissance.

A

Open-source intelligence (OSINT)

19
Q

When multiple groups work with different goals in the same security evaluation exercise. These can include red, blue, white, and purple-teams.

A

Penetration Testing Excercise