CompTIA PenTest+ Certification Exam Objectives 5.0 Reporting and Communication Flashcards
What is normalization of data?
Data normalization in a pentest report means organizing the results so that they appear in a consistent form across all records and fields, rather than dumping all of the raw information into the report.
Make it make sense to stakeholders.
What is the methodology section of a pentest report?
The methodology section of the report outlines the types of testing performed during the penetration test, the steps taken during each phase, and how the attacks were carried out. The methodology section also discusses the process used to identify and rate the risks for each vulnerability found and what tools were used by the pentesters.
What do the findings and remediations of a pentest report consist of?
This includes which vulnerabilities/exploits are present on the in-scope systems and how they can be mitigated/resolved.
What are some metrics that should be provided in a pentest report?
This would include data breach response metrics, time taken, plan effectiveness, number of vulnerabilities, the most critical findings, and the types of vulnerabilities found.
What is risk appetite?
Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objective, before action is deemed necessary to reduce the risk.
This represents a balance between the potential benefits of innovation and the threats that change brings! :-)
What are the secure handling and storage requirements for a pentest report typically?
The pentest report contains a lot of sensitive information about an organization, so we keep the report only until the customer confirms they have received the full report.
We handle the report only through encrypted channels and the agreed communication path; this is discussed in the SOW or RoE.
What is an attestation letter in pentesting?
The attestation letter serves as the record that we performed the pentest.
It includes a summary of the findings.
What are some common post engagement clean up activities?
- Removing shells
- Removing tester-created credentials
- Removing tools
- Undoing environment modifications that could be utilized by an adversary
What are some solutions associated with vulnerabilities?
People - This would be training users on social engineering and how to spot it
Process - This would be how operations are carried out, for example implementing peer reviews of code/configurations to ensure no vulnerabilities go live
Technology - This could be legacy systems that need to be upgraded
What are some common findings to report in a pentest?
- Shared Local Administrator credentials
- Weak password complexity
- Plain text passwords
- No multi-factor authentication
- SQL Injections
- Unnecessary open services
What are some remediations for these common vulnerabilities?
- Randomize credentials/Microsoft Local Administrator Password Solution
- Minimum password requirements/password filters
- Encrypt the passwords
- Implementing multi-factor authentication
- Sanitize user input/parameterized queries
- System Hardening
What is a communication path in a pentest?
This is who/when/how to contact during the pentest:
- Information and resources that the testers need prior to the test
- How affected third parties will be informed and consulted in relation to the testing
- How testing start-up and close-down will be covered
- Regular communications and through what means
- Approvals required for various elements of the testing that will be going ahead
What are some common communication triggers?
- Critical findings (This would be the highest possible CVSS rating on a production system)
- Stages (We might reach out to the customer before performing tests on certain systems at certain times to ensure the business is not impacted)
- Indicators of prior compromise (This would be finding evidence of a hack/hacker)
What is de-escalation?
This would be withholding additional testing if a system went down due to our testing methodology, such as scanning a legacy network and causing a system to fall over.
What is de-confliction?
Deconfliction is a process that provides a way to separate a pentester's activities from real-world (actual attacker) activity.