Chapter 5: Penetration Testing Concepts Flashcards
is an intrusive test where a third party has been authorized to attack a company's network to identify weaknesses. The intrusive tests they use can cause damage to your systems.
Penetration Test
work in an unknown environment and are given zero information on the company. They carry out initial exploitation, looking for vulnerabilities.
Black Box
work in a partially known environment, as they are given limited information.
Gray Box
work in a known environment. One of the purposes of white box pen testers is to test applications in a sandbox so that when they are released they do not have any vulnerabilities. They know everything about a system or application, as they have access to the application's source code.
White Box
random information is inserted into an application to find out if the application crashes or gives out coding errors.
Fuzzing
a type of attack where an attacker gains access to a desktop computer inside a company, which they then use to launch an attack on another computer or server.
Pivoting
this is where attackers move around your network looking for resources to exploit, while trying to avoid detection.
Lateral Movement
this is an attack over an extended period of time.
Persistence
where an attacker exploits a weakness in a system so that they can gain a higher level of privileges on it.
Escalation of Privilege
where someone actively tries to gain information about the system. For example, an attacker finds a username left on one of the corporate desktops; they then ring up the Active Directory team, pretending to be that person, and request a password reset.
Active Reconnaissance
where an attacker is constantly gathering information, without the victim’s knowledge.
Passive Reconnaissance
like war driving, but using a drone with a laptop or Personal Digital Assistant (PDA) to map out wireless networks.
War Flying
where someone drives around in a car mapping out wireless access points, including those that could be vulnerable.
War Driving
the process hackers would use to map out the entire network, including employees, computers, IP addresses, versions of operating systems, etc.
Footprinting
this is intelligence collected legally from the public domain, such as social media or websites on the internet. It is used in law enforcement and business intelligence to help identify the source of attacks. It is only used for non-sensitive data.
Open Source Intelligence (OSINT)
mimics an attacker and tries to find vulnerabilities within your company. They quite often use social engineering and phishing as part of their attacks.
Red Team
team that looks to discover security vulnerabilities within the company and takes action to mitigate them so the company is secure.
Blue Team
organizes and adjudicates cybersecurity exercises based on the information given. They set the rules of engagement and details of the exercise.
White Team
is trained to be an attacker but has a defensive posture, and their focus is on repairing vulnerabilities as quickly as possible.
Green Team
can carry out the role of both blue and red teams. By combining these teams, they can discover the threat actor's tactics. They could be auditors or external consultants.
Purple Team
passive scanner that identifies the vulnerabilities or weaknesses in a system. For example, there could be a missing update for the operating system, antivirus solutions, or account vulnerabilities.
Vulnerability Scanner
non-profit organization that looks at different attack vectors; it looks at computer flaws and can identify the platforms affected.
Common Vulnerabilities and Exposures (CVE)
is built into many vulnerability scanners and indicates the severity of the vulnerabilities. Always deal with critical events first.
-False positive: the scanner believes there is a vulnerability, but when you physically check, it is not there.
-False negative: the scanner does not detect an actual vulnerability that exists (zero-day).
-True positive: the results of the system scan agree with manual inspection.
-Log reviews: review logs after a vulnerability scan. Log files will list any potential vulnerabilities.
Common Vulnerability Scoring System (CVSS)
much more powerful version of a vulnerability scan. It has higher privileges than a non-credentialed scan. It provides more accurate information, and it can scan documents, audit files, check certificates and account information.
Credentialed Scan
has lower privileges than a credentialed scan. It will identify vulnerabilities that an attacker would easily find.
Non-Credentialed Scan
passive scans that merely report vulnerabilities. They do not cause damage to your system.
Non-Intrusive Scan
can cause damage, as they try to exploit the vulnerability; they should be used in a sandbox and not on your live production system.
Intrusive Scan
automated tool that integrates all of your security processes and tools in a central location. It is an automated process that uses machine learning and artificial intelligence, which makes it faster than humans at searching for evidence of attacks.
-helps reduce the Mean Time to Detect (MTTD).
-uses playbooks that define an incident and the action to be taken.
Security Orchestration Automation and Response (SOAR)
dynamic process of seeking out cybersecurity threats inside your network, from attackers and malware.
Threat Hunting