Chap 1 Flashcards
4 major phases of CompTIA’s penetration testing process
Planning and scoping; information gathering and vulnerability identification; attacks and exploits; reporting and communication
Other name for pen test
Ethical hacking
A protection element, such as permissions or a firewall, designed to keep unauthorized individuals out of a system or network
Security control
What is the most important element of a successful pentest report?
Remediation
PCI DSS requirements for pen testing
-perform an annual pen test (both external and internal) and complete remediation of the findings
-for service providers, pen test the network segmentation controls at least every six months (and after any change to those controls)
-(also retest, external and internal, after any significant change to network infrastructure or applications)
2 main reasons to perform a pen test
-to get an accurate picture of what an attacker could actually achieve against the organization
-to comply with industry regulations
Performs attacks on assets
Red team
Defends and protects assets
Blue team
Separation of duties and the absence of a direct conflict of interest are important when conducting a pen test. This is why a separate security team should be the ones to test the security controls rather than the team who ________
Installed, configured, and manages the systems or networks. The testers also should not be the ones who implemented the security of the system.
Pros and cons of having an internal team or an external 3rd party conduct the pen test
Pros of internal team:
Cheaper and allows for more regular tests
Pros of external 3rd party:
Unfamiliar with the infrastructure, so they approach it the way a real attacker would
Fresh eyes evaluating your defenses
Cons of external 3rd party:
What are their qualifications? Will the results be kept confidential? Cost?