Domain 1: Planning & Scoping Flashcards

1
Q

What are the 5 Domains covered in the Pentest+ Exam?

A
  1. Planning & Scoping
  2. Information Gathering & Vulnerability Identification
  3. Attacks & Exploits
  4. Penetration Testing Tools
  5. Reporting and Communication
2
Q

What is a methodology?

A

This is a system of methods used in a particular area of study or activity.

i.e. a systematic approach

3
Q

What are the steps to the pentest methodology?

A

This has 4 steps:

  1. Planning & Scoping
  2. Info Gathering & Vulnerability Identification
  3. Attacks and Exploits
  4. Reporting & Communication
4
Q

Are the steps for the ethical hacker's methodology and the pentest methodology the same?

A

No, these two methodologies have different steps.

5
Q

What is NIST 800-115?

A

This is a US government recommended methodology on how pentesting should be done.

6
Q

What are the steps to NIST 800-115?

A

This includes the steps:

  1. Planning
  2. Discovery
  3. Attack (additional discovery)
  4. Reporting
7
Q

What are the three factors that go into planning a penetration test? Or any project?

A

These three factors go into this:

  1. Time
  2. Cost
  3. Quality
8
Q

What are good questions to ask about the target?

A

What does the business do?

What are their objectives?

9
Q

When planning a penetration test, what are several important considerations? Name 4.

A

When planning this, important considerations include:

  1. Who is the target audience?
  2. Budgeting
  3. Resources and Requirements
  4. Communication Paths
  5. What is the End-state?
  6. Technical Constraints
  7. Disclaimers
10
Q

What are two key disclaimers to include for a pentest?

A

These are needed during a pentest:

  1. Point-in-Time Assessment
  2. Comprehensiveness (how complete the test was, and which parts of the organization were covered)
11
Q

What are Rules of Engagement (ROE)?

A

These are the ground rules that both organizations are going to play by.

12
Q

What are the 5 key areas of ROE?

A

This is made up of 5 key areas:

  1. Timeline
  2. Locations
  3. Time restrictions
  4. Transparency
  5. Test Boundaries
13
Q

With respect to legal restrictions, what should you always do before conducting a penetration test?

A

Because of this, you should always consult your attorney before conducting any penetration test.

14
Q

Under what US code is Hacking covered?

A

This is covered under US code, Title 18, Chapter 47, Sections 1029 & 1030. (Crimes & Criminal Procedure)

15
Q

Do black hat hackers obtain written information?

A

No, these types of hackers do not obtain written information.

16
Q

If you’re asked to conduct a penetration test on servers in the cloud that a company does not own, what is needed?

A

To conduct a penetration test in this scenario, you’ll need third-party authorization.

17
Q

What does SOW stand for?

A

This stands for Statement of Work.

18
Q

What does MSA stand for?

A

This stands for Master Service Agreement.

19
Q

What does NDA stand for?

A

This stands for Non-Disclosure Agreement.

20
Q

What does the SOW involve?

A

This is a formal document that includes the scope of what will be performed during the penetration test.

21
Q

What does the MSA involve?

A

This is the contract in which the parties agree to most of the terms that will cover future actions.

22
Q

What does an NDA involve?

A

This is a legal contract that outlines the confidential material or information that will be shared during the assessment and what restrictions are placed on it.

23
Q

What is the Wassenaar Arrangement? What would be an example?

A

This precludes the transfer of technology considered ‘dual-use’. Encryption falls under this restriction.

24
Q

What are the three testing strategies within pentesting?

A

There are three testing strategies:

  1. Black-box
  2. White-Box
  3. Gray-Box
25
Q

What are some characteristics of Black-box pentesting?

A

These are some characteristics of this type of pentesting:

  • No prior knowledge of target or network
  • Simulates outsider attack
  • Only focuses on what external attackers see and ignores insider threat
  • Takes more time and is much more expensive
26
Q

What are some characteristics of White-Box Testing?

A

This type of test has the following characteristics:

  • Full knowledge of the network, systems, and infrastructure
  • Spend more time probing vulnerabilities and less time gathering information
  • Tester is given support resources from the organization
27
Q

What is another name for a White-box test?

A

This is also called a ‘full-knowledge’ test.

28
Q

What is another name for Gray box testing?

A

This is also known as a partial-knowledge test.

29
Q

What are some characteristics of Gray-box pentesting?

A

This type of test has the following characteristics:

  • Partial knowledge of the target (may include, for example, IP ranges)
  • Can be used as an internal test to simulate an insider attack with minimal knowledge
  • Can also be used to decrease the information gathering stage so more time can be spent on identifying vulnerabilities
30
Q

When are support resources provided?

A

These are generally only provided during a white-box penetration test.

31
Q

What is an architectural diagram? What is its purpose?

A

These can be network diagrams, software flow charts, or physical maps. Their purpose is to assist the tester in mapping out network topologies, locating switch closets, and locating key information.

32
Q

What is a sample application request?

A

This is used when doing web app or software testing. This will provide sample input and expected output.

33
Q

What is SDK documentation?

A

This is a Software Development Kit and it provides a set of tools, libraries, documentation, code samples, processes, or guides to allow faster development of a new app or platform.

34
Q

What does SOAP stand for?

A

This stands for Simple Object Access Protocol.

35
Q

Where are SOAP project files created?

A

These files are created from WSDL files or a single service call.

36
Q

What is SOAP?

A

This is a messaging protocol specification for the exchange of structured information in the development of web services.

37
Q

What are Swagger documents?

A

This is an open-source framework with a large ecosystem of tools to help design, build, document, test, and standardize REST web services.

38
Q

What is REST ?

A

Representational State Transfer has been replacing SOAP in most web applications in recent years. It is a web application architectural style based on HTTP. It requires much less communication between the server and the web client.

39
Q

What does WSDL stand for? What does it do?

A

Web Services Description Language. Used for describing the functionality offered by a particular web service, such as a SOAP server. It is flexible and allows binding options. Not useful for REST web services with WSDL 1.1.

40
Q

What does WADL stand for? What is it used for?

A

Web Application Description Language. An XML-based, machine-readable description of HTTP-based web services. Easier to write than WSDL, but not as flexible. Typically used for REST services.

41
Q

What does XSD stand for? What is it?

A

XML Schema Definition. A W3C recommendation that specifies how to formally describe the elements within XML documents. Allows you to push the boundaries of a web application.

42
Q

What is a goal-based pentest?

A

This type of test has a specific goal in mind that is outlined prior to the test.

43
Q

What is an objective based pentest?

A

This type of pentest seeks to ensure information remains secure.

44
Q

What is a compliance-based assessment?

A

This type of assessment is to ensure policies or regulations are being followed properly.

45
Q

What does it mean to conduct a red team pentest?

A

This type of test is conducted by internal pentesters during security exercises.

46
Q

How would you describe Advanced Persistent Threats?

A
  • Great capability and intent
  • Target orgs for business or political motives
  • Highly covert over long-periods of time
47
Q

What is the concept of threat modeling?

A

This concept asks: who are you trying to emulate?

48
Q

How many tiers of adversaries are there?

A

There are 6 of these.

49
Q

How is the tier of adversaries structured?

A

This is structured so that resources are positively correlated with the tier number: the higher the tier, the more money, time, and skill the adversary has.

50
Q

What are some considerations for target selection? Name 4

A

This involves the following considerations:

  • Internal or External
  • First-party or third-party hosted
  • Physical
  • Users
  • SSIDs
  • Applications
51
Q

What is tolerance to impact?

A

This is the impact of operations during a pentest.