7 Flashcards
A penetration test performed by an authorized professional with the full prior knowledge on how the system that is to be tested works is called:
White-box testing
A penetration test of a computer system performed without the prior knowledge on how the system that is to be tested works is referred to as a black-box testing.
True
Which of the following terms is used to describe a penetration test in which the person conducting the test has a limited access to information on the internal workings of the targeted system?
Gray-box testing
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
False
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
False
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
War driving
Which of the following statements does not apply to the concept of OSINT?
Active reconnaissance in penetration testing
In cybersecurity exercises, red team takes on the role of:
An attacker
In cybersecurity exercises, the defending team is referred to as:
Blue Team
In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to:
White Team
In cybersecurity exercises, purple team combines the roles of all other teams (i.e. red, blue, and white).
False
Physical and logical network diagrams provide visual representation of network architecture. A physical network diagram contains information on hardware devices and physical links between them. A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network.
True
Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?
Data loss prevention (DLP)
Which of the three states of digital data requires data to be processed in an unencrypted form?
In processing
In the field of data security, the term “Tokenization” refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached.
True