2B: Outline the Rules of Engagement Flashcards

1.2 Explain the importance of scoping and organizational/customer requirements. 1.3 Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

1
Q

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

A

Advanced Persistent Threat (APT)

2
Q

A type of assessment that is used as part of fulfilling the requirements of a specific law or standard, such as GDPR, HIPAA, or PCI DSS.

A

Compliance Based

3
Q

A type of assessment that uses two opposing teams in a PenTest or incident response exercise: the “attacking” team, and the “defending” team.

A

Red team/blue team-based

4
Q

A type of assessment that has a particular purpose or reason. For example, before implementing a new point of sale (PoS) system that accepts credit cards, the PenTesting team might test the system for any security issues prior to implementation.

A

Goals-based/objectives-based

5
Q

One of the three CompTIA strategy types for conducting a pentest, this type of testing is when the PenTesting team is completely in the dark; no information is presented to the team prior to testing.

A

Unknown Environment

6
Q

One of the three CompTIA strategy types for conducting a pentest, this type of testing is commonly used to test web applications for security vulnerabilities. The PenTesting team is given some information, such as internal functionality and code, so they can focus on testing for any issues related to system defects or improper usage of applications. For example, a partially unknown test might be run after any software defects are repaired.

A

Partially Known Environment

7
Q

One of the three CompTIA strategy types for conducting a pentest, this type of testing is when the PenTesting team is given all details of the network and applications. The test is commonly done with the perspective of the user. Because all of the details are transparent, the team can focus on the test.

A

Known Environment

8
Q

According to CompTIA, when the team meets with the stakeholders, they will determine the type of strategy they will take, along with how much information they are given prior to conducting the PenTest. What are the three CompTIA specified PenTesting strategies for conducting testing?

A
  1. Unknown Environment
  2. Partially Known Environment
  3. Known Environment