1C: Compare Standards and Methodologies Flashcards

1.2 Explain the importance of scoping and organizational/customer requirements.  2.1 Given a scenario, perform passive reconnaissance.

1
Q

An organization that aims to increase awareness of web security and provides a framework for testing during each phase of the software development process. Among the other tools it publishes, it lists the top 10 vulnerabilities.

A

Open Web Application Security Project (OWASP)

2
Q

An organization founded in 1901 that exists to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. One of its publications is SP 800-115.

A

The National Institute of Standards and Technology (NIST)

3
Q

Written in 2000, this is a methodology for testing operational security across physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data network security testing, and compliance.

A

Open Source Security Testing Methodology Manual (OSSTMM)

4
Q

This is a framework written in 2005 that details structured guidelines and best practices to accomplish a PenTesting exercise. The framework is obtained by downloading a RAR file containing 14 documents.

A

Information Systems Security Assessment Framework (ISSAF)

5
Q

Developed by business professionals as a best practice guide to PenTesting, this framework has seven main sections that provide a comprehensive overview of the proper structure of a complete PenTest.

A

The Penetration Testing Execution Standard (PTES)

6
Q

This is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations including attack paths exploited by APTs.

A

MITRE ATT&CK Framework

7
Q

CompTIA defines this as: a risk management approach to QUANTIFYING VULNERABILITY DATA and then taking into account the degree of risk to different types of systems or information (AKA a system that provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity).

A

Common Vulnerability Scoring System (CVSS)

8
Q

A scheme for identifying publicly disclosed vulnerabilities, developed by MITRE and adopted by NIST. Each entry refers to a specific vulnerability in a particular product and is cataloged with the name and description of the vulnerability.

A

Common Vulnerabilities and Exposures (CVE)

9
Q

A community-developed database that is a dictionary of software-related vulnerabilities maintained by the MITRE Corporation.

A

Common Weakness Enumeration (CWE)
