Audits and Assessments Flashcards
Audit
An investigation and evaluation of IT systems, infrastructures, policies, and operations
Penetration Testing
Simulated cyber attack to identify exploitable vulnerabilities in a computer
system
Physical Penetration Testing
Evaluates an organization’s physical security measures
Known Environment
Penetration testers have detailed information about the target
infrastructure
Resembles an insider threat scenario
Partially Known Environment
Testers have limited information, simulating a scenario where an attacker
has partial inside knowledge
Unknown Environment
Simulates a real-world external attacker aiming to find entry points and
vulnerabilities
Metasploit
Multipurpose computer security and penetration testing framework