Penetration Testing Concepts Flashcards

1
Q

The use of tools to send data to systems and then understand responses that is accomplished with various network and vulnerability scanners. This can be incredibly illegal and should not be engaged in without being given proper authorization.

A

Active reconnaissance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You do not touch any of the target’s equipment though you are going through available information – forums, social media – about company and its employees.

A

Passive reconnaissance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Using a compromised machine to attack other machines on the same network by gaining access to an area of lower security in order to be more likely to have a successful attack on an area of greater security

A

Pivot

AKA Island hopping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Usually the hardest part – a vulnerability is taken advantage of to get into the network or system

A

Initial exploitation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Installing backdoors or methods to keep access to the host or networks.

A

Persistence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Allows for a user to get a higher-level access than what authentication allows for and can be resolved through patching and updating. This is typically related to a bug or vulnerability.

A

Escalation of privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have no prior knowledge of a network

A

Black box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You are given a network map and you have full knowledge of the configurations allowing you to perform specific tests.

A

White box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Knowledge of the network but not incredibly detailed

A

Grey box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Active attack on the network to exploit vulnerabilities and can assess potential damages and the potential of the exploits being found – human

A

Penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Passively scans and identifies vulnerabilities – automated

A

Vulnerability scans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly