Appendix A Flashcards

1
Q

What is a White Box Test

A

Where all background and system information is provided

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a Black Box Test

A

Where only basic or no information is provided except the company name

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a Grey Box Test

A

A combination of White box and Black box testing, the tester has partial knowledge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the 5 stages of an assessment

A

1) Scoping : Working with the client to agree on a scope which meets their security requirements.
2) Reconnaissance : Gathering as much information as possible about the target.
3) Assessment : Carrying out vulnerability scans and manual testing.
4) Reporting : Analyse findings and write them up
5) Presenting : Presenting the information to the client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How is Unauthorised access to computer material punishable as per the Computer Misuse Act 1990

A

Unauthorised access to computer material - punishable by 6 months imprisonment or a fine “not exceeding level 5 on the standard scale” (currently £5000)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How is Unauthorised access with intent to commit or facilitate comission of further offences punishable as per the Computer Misuse Act 1990

A

Unauthorised access with intent to commit or facilitate commission of further offences - punishable by 12 months / maximum fine on summary conviction or 5 years/fine on indictment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How is Unauthorised modification of computer material punishable as per the Computer Misuse Act 1990

A

Unauthorised modification of computer material - punishable by 12 months / maximum fine on summary conviction or 5 years / fine on indictment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What Article of the Human Rights Act 1998 is applicable to a penetration test

A

Article 8 of the Human Rights Act - Right to respect for private and family life:

Everyone has the right to respect for his private and family life, his home and his correspondence.

There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What aspects of the Data Protection Act are applicable to Penetration Testing

A

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What sections of the Police and Justice act 2006 are relevant to Penetration Testing

A

Sections 35-38

Increased penalties of Computer Misuse Act (Makes unauthorised computer access serious enough to fall under extradition).

Makes it illegal to perform DoS attacks.

Makes it illegal to supply and own hacking tools.

Be careful about how you release information about exploits.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly