1.8 Pen Testing Techniques Flashcards

1
Q

This document is used to define the purpose and scope of the pentest, type of testing, the schedule, and the rules of the test.

A

Rules of engagement

2
Q

What is the difference between a “blind” pentest and a “full disclosure” pentest?

A

How much the tester knows about your environment

3
Q

Why is it important for a pentester to take care in exploiting vulnerabilities during a test?

A

Exploits can cause a loss of data or a DoS

4
Q

This portion of the pentest involves trying to gain access to the network.

A

Initial exploitation

5
Q

In the second step of the pentest, the tester tries to move from system to system within the network.

A

Lateral movement

6
Q

This portion of the test is step 3, and involves ensuring the tester has a way back into the system. This often involves creating backdoors, user accounts, or changing default admin passwords.

A

Persistence

7
Q

In this final step of the process, the tester attempts to set up a “jumping off” point from which they can access other systems that would normally not be accessible.

A

The Pivot

8
Q

What must take place once the pentest is complete?

A

Cleanup and collection of bug bounty

9
Q

A reward that can be collected by pentesters for discovering and documenting vulnerabilities

A

Bug Bounty

10
Q

This is the process of gathering information prior to carrying out a pentest.

A

Reconnaissance

11
Q

This reconnaissance method involves gathering info from open sources such as social media, corporate sites, forums, social engineering, and dumpster diving.

A

Passive footprinting

12
Q

Reconnaissance method that involves searching for unsecured networks via Wi-Fi and GPS by driving around in a car, flying in a plane, or even using drones. It can yield large amounts of data in a short period of time.

A

Wardriving or warflying

13
Q

This reconnaissance method involves information gathering tactics such as trying physical doors, running ping, port, OS, and service scans, as well as DNS queries and OS fingerprinting.

A

Active footprinting

14
Q

Security team:

  • Offensive security team - The hired attackers
  • Ethical hacking - Find security holes
  • Exploit vulnerabilities - Gain access
  • Social engineering - Constant vigilance
  • Web application scanning - Test and test again

A

Red Team

15
Q

Security Team:

  • Defensive security - Protecting the data
  • Operational security - Daily security tasks
  • Incident response - Damage control
  • Threat hunting - Find and fix the holes
  • Digital forensics - Find data everywhere

A

Blue Team

16
Q

Security Team:

  • Red and blue teams working together
  • Cooperation is often more useful than competition
  • Everybody is on the same page

A

Purple Team

17
Q

Security Team:

  • Manages the interactions between red teams and blue teams
  • The referees in a security exercise
      – Enforces the rules
      – Resolves any issues
      – Determines the score
  • Manages the post-event assessments

A

White Team