Chapter 1.8 - Penetration Testing

Question 1

Penetration Testing (Pentest)

Answer 1

Authorized simulated cyberattack on a computer system, performed to evaluate the security of the system

Question 2

Pentest - Known Environment

Answer 2

Performed by a security expert trained to identify and document issues that are present in an environment

Question 3

Pentest - Unknown Environment

Answer 3

Performed by a security expert that knows nothing about the systems under attack
“Blind” test

Question 4

Pentest - Partially Known Environment

Answer 4

Performed by a security expert that has partial knowledge or access to an internal network or web application

Question 5

Pentest - Rules of Engagement

Answer 5

Meant to list out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being testing, when its being tested, and how its being tested

Question 6

Pentest - Lateral Movement

Answer 6

Once in the network, can move from system to system

Question 7

Pentest - Persistence

Answer 7

Once in a system, you need to make sure there is a way back in
Examples: backdoor, change passwords, etc.

Question 8

Pentest - Cleanup

Answer 8

Removing all malicious activity from the pentest attack, leave the network in its original state
Examples: remove backdoors, change passwords back

Question 9

Bug Bounty

Answer 9

A reward offered to a person who identifies an error or vulnerability in a computer program or system

Question 10

Pivoting

Answer 10

Using a compromised system to spread between different computer systems once inside the network, simulating the behavior of a real attacker

Question 11

Passive Reconnaissance

Answer 11

Attempt to gain information about targeted computers and networks without actively engaging with the systems

Question 12

Active Reconnaissance

Answer 12

Attempt to gain information about targeted computers and networks by actively engaging with the systems

Question 13

War Flying

Answer 13

Used with a drone and a wireless network detector to find wifi wireless network locations

Question 14

Active Footprinting

Answer 14

Process of using tools and techniques, like using the traceroute commands or a ping sweep – Internet Control Message Protocol sweep – to collect data about a specific target

Question 15

Passive Footprinting

Answer 15

Collecting data without actively engaging with the target system

Question 16

Open Source Intelligence (OSINT)

Answer 16

The collection and analysis of information from many open sources

Question 17

War Driving

Answer 17

Drive around with a wireless network detector to find wifi wireless network locations

Question 18

Red Team

Answer 18

The offensive security team
Hired ethical hackers

Question 19

Blue Team

Answer 19

The defensive security team

Question 20

White Team

Answer 20

Not on a team
Manages the interactions between the red teams and blue teams
Referees

Question 21

Purple Team

Answer 21

Red and blue teams working together
Both share their findings to see how it can benefit the organization