Introduction

Question 1

Purpose of Pen Testing

Answer 1

Security tool to validate security measures and identify gaps

Question 2

Pen Testing Value to Forensic Examiners

Answer 2

see artifacts left behind by attackers
learn techniques
learn what is exploitable on a system (what can and cannot be done)

Question 3

IS Involvement in Illegal Activities (3 ways)

Answer 3

Used to commit
Target / victim of activities
Witness to the activities

Question 4

Six States of Penetration Testing

Answer 4

Pre-engagement Activities
Information Gathering
Scanning and Enumeration
Vulnerability Identification
Exploitation
Report and Recommendations

Question 5

Pre-engagement Activities

Answer 5

Scope of activities
points of contact
deliverables
Protects tester as well as client

Question 6

Information Gathering Stage

Answer 6

reconnaissance about the target

Question 7

Scanning and Enumeration

Answer 7

network is footprinted
active and passive
internal or external

Question 8

vulnerability identification

Answer 8

identify those that could be exploited
May be from: misconfigurations,
inherent limitations of software
poor practice

Question 9

exploitation stage

Answer 9

taking advantage of a vulnerability to gain access to the network or compromise the system.
most challenging aspect

Question 10

Report and Recommendations Stage

Answer 10

Provides documentation to the client:
Scan results
identification of vulnerabilities
how exploits were performed
actions for remediation

Question 11

Tools for Scanning and Enumeration

Answer 11

Nmap
Strobe
Kismet (wireless)

Question 12

Tools for Vulnerability Scanning

Answer 12

Nessus

Nexpose

Question 13

Tools for Exploitation

Answer 13

Metasploit
CANVAS
Cain and Abel
John the Ripper
Medusa (online password)
BackTrack