Pen Test Flashcards

1
Q

Security Assessment

A

Any test performed in order to assess the level of security on a network or system

2
Q

Security Audit

A

Tests whether an organization is following security policies and procedures

3
Q

Vulnerability Assessment

A

Scans and tests for existing vulnerabilities but does not intentionally exploit any of them

4
Q

Pen test

A

Scans and tests for existing vulnerabilities AND DOES intentionally exploit them. A signed agreement outlining the scopes and limitations of the pen test should be in place before the test is conducted. A service level agreement (SLA) needs to cover all possibilities.

5
Q

External Pen Test

A

Analyzes publicly available information and conducts network scanning, enumeration, and testing from the network perimeter, usually from the Internet

6
Q

Internal Pen Test

A

Performed from inside the organization

7
Q

Red Team

A

Offensive

8
Q

Blue Team

A

Defensive

9
Q

Automated Pen Testing tools

A

Core Impact Pro
Codenomicon
Metasploit
CANVAS

10
Q

Comprehensive PenTest Report

A

  1. An executive summary of the organization's overall security posture under the auspices of FISMA, DIACAP, RMF, HIPAA
  2. The name of all participants and the dates of all tests
  3. A list of findings, presented in order of highest risk
  4. An analysis of each finding and recommended mitigation steps
  5. Log files and other evidence with screenshots

11
Q

Insider Threats

A

Pure Insider - an employee
Insider Associate - contractor, guard, cleaning service
Insider Affiliate - spouse, friend or client of an employee
Outside Affiliate - someone outside who uses an open channel to gain access
