1.8 Penetration Testing Flashcards

1
Q

Penetration Testing: 3 levels of testing relevant to knowledge of the environment

A
  1. Unknown (black box)
  2. Known (white box)
  3. Partial (gray box)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define penetration testing: rules of engagement

A

Defining the scope, what systems, when, who, etc.., of a penetration test prior to executing it so that everyone knows about since it may risk bringing systems down

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define penetration testing: lateral movement

A

Once access is breached, testing to see how many internal devices can be breached

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define penetration testing: persistence

A

Creating a back-door allowing one to return for access at a later time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define penetration testing: cleanup

A

After completion of a penetration test all systems and accounts need to returned to their previous state

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define Bug Bounty

A

Rewards offered by companies to those to identify bugs or vulnerabilities in their systems/software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Define Pivoting

A

Breaching a system and then using that system to launch further attacks or breach other systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How is passive/active reconnaissance relevant to penetration testing? (2)

A
  1. Prior to a penetration test, information is gathered (reconnaissance) to identify potential vulnerabilities to test
  2. Passive reconnaissance is not detectable by the organization but active reconnaissance, such as port scans, is detectable
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How are drones used for reconnaissance?

A

A drone can be used for war flying to gather information about available wireless networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Define footprinting

A

Gathering information to use for an attack, can be active or passive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define war driving

A

Driving around and identifying available WiFi networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Define war flying

A

Using a drone to fly around and scan for available wireless networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define OSINT

A

Open-Source Intelligence, openly available information that attackers can use to craft an attack. Common sources include social media and company websites

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define the “Red Team” in penetration testing

A

The attacking team

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Define the “Blue Team” in penetration testing

A

The defensive team, handles day-to-day security, responds to threats, maintains patches, recovers data/systems from attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define the “Purple Team” in penetration testing

A

The combination of both teams who work together in an organization to ensure security

17
Q

Define the “White Team” in penetration testing

A

The referee between red and blue teams, defines the rules and compiles the results of penetration tests