PenTest+ Study Notes 3 Flashcards
Once the team has identified the scope and the assets to be tested, it must also review with the stakeholders any restrictions that will influence the testing. Some pentesting tools are legal in one country and prohibited in another, so the team must check the laws of every jurisdiction the test touches.
When defining a timeline for a PenTest, the team outlines the specific parameters of the engagement along with an estimate of the time needed to complete all testing included in the contract. So that the organization understands the procedure, it is best to sit down with the stakeholders and walk through how the team will proceed with the test.
When scheduling, the team will explain to the stakeholders how testing during normal business hours helps assess the organization's reaction to attacks. However, there may also be time-of-day restrictions during which no testing is allowed, because testing could degrade production services or cause an outage.
??? Allowable tests.
Adhering to the Scope -> The legal documents will define what locations, systems, applications, or other potential targets are to be included or excluded.
Recognizing Other Restrictions -> The details of the PenTest may also include other restrictions such as possible technical or location constraints. For example, there may be a legacy system that has had several issues with automated scanning.
Limit Invasiveness based on Scope -> What is being tested, and what is not? Define the acceptable actions, such as social engineering and physical security tasks. In addition, if an invasive attack such as a Denial of Service (DoS) attack is planned as part of the testing, have the stakeholder define any restrictions that protect fragile systems. Limit tool use to what the particular engagement permits.
Understanding the Restrictions of Testing :
??? have a particular purpose or reason. For example, before implementing a new point of sale (PoS) system that accepts credit cards, the PenTesting team might test the system for any security issues prior to implementation.
??? requires financial institutions to ensure the security and confidentiality of client information and to take steps to keep customer information secure.
??? governs the privacy and disclosure of personal information gathered by state Departments of Motor Vehicles.
Goals-based/objectives-based assessments / GLBA / Driver’s Privacy Protection Act
??? is a contract that establishes precedence and guidelines for any business documents that are executed between two parties. It can be used to cover recurring costs and any unforeseen additional charges that may occur during a project without the need for an additional contract. Prior to signing, all parties should carefully read the ??? to ensure that the agreement does not conflict with any other contracts or insurance policies. In addition, the ??? must be modifiable as there may be necessary changes that may occur in the future.
Master Service Agreement (MSA) :
??? Project scope and a definition of the work that is to be completed
Compensation specifics that include invoicing and any reports required when submitted
Requirements for any permits, licensing, or certifications
Safety guidelines and environmental concerns
Insurance, such as general liability coverage.
Some elements of MSA :
A professionally written MSA will help avoid disputes between parties and outline a clear ending to the PenTest engagement.
Once you have an MSA to solidify the legal terms between the parties, you can create one or more Statements of Work (SOWs) to outline project-specific services and payment terms.
??? is a document that defines the expectations for a specific business arrangement. It typically includes a list of deliverables, responsibilities of both parties, payment milestones, schedules, and other terms.
??? provides the details of the work that the client has agreed to pay for. As a result, it has a direct impact on team activities. The PenTest team can also use it to charge for out-of-scope requests and additional client-incurred costs.
SOW
Domain reconnaissance tools : whois (registration and contact data) / dig (DNS queries) (learn these)
??? Mail Exchange (MX) record -> provides the mail server that accepts email messages for a particular domain.
Nameserver (NS) record -> lists the authoritative DNS server for a particular domain.
Text (TXT) record -> holds free-form text about a resource such as a server or network in human-readable form; in practice it also carries machine-read policy data such as SPF, DKIM, DMARC and domain-verification strings.
Service (SRV) record -> provides host and port information on services such as voice over IP (VoIP) and instant messaging (IM).
DNS Records
??? is a command-line tool used in either a Windows or Linux operating system (OS) that can be used to query a domain and specify various record types.
??? is a utility widely used on Linux that queries DNS servers for any record type and can perform reverse lookups (using the -x option) to match an IP address to a domain name.
??? uses the Google search engine with advanced search operators to identify potential weaknesses in publicly available sources, such as an organization's websites.
Nslookup / Dig / Google Hacking
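The DNS record types above (MX, NS, TXT, SRV) and the reverse lookup described for dig are easiest to learn by running the queries and reading the answer section. As an added example that is not part of the original notes, the parser below takes the output of commands such as `dig +noall +answer example.com MX example.com NS example.com TXT _dmarc.example.com TXT _sip._tcp.example.com SRV -x 203.0.113.10` (dig accepts several queries on one command line) and turns it into structured records, then summarizes what the MX and TXT records reveal about the mail posture of the domain. The sample output embedded in the block is constructed, not captured from a real domain, and the function names are this example's own.

```python
"""Parse `dig +noall +answer` output into structured DNS records.

Added example for the PenTest+ notes; the sample output below is
constructed to look like dig's answer section, not captured from a
real domain.
"""
import re
import shlex
from collections import defaultdict

# Constructed sample answer section. The _dmarc line comes from a
# separate query for _dmarc.example.com TXT, and the PTR line from
# dig -x 203.0.113.10; dig prints all of them in the same format.
SAMPLE_DIG_OUTPUT = """\
example.com.            3600    IN      MX      20 mail2.example.com.
example.com.            3600    IN      MX      10 mail1.example.com.
example.com.            86400   IN      NS      ns1.example.com.
example.com.            86400   IN      NS      ns2.example.com.
example.com.            300     IN      TXT     "v=spf1 include:_spf.example.com -all"
example.com.            300     IN      TXT     "google-site-verification=abc123"
_dmarc.example.com.     300     IN      TXT     "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
_sip._tcp.example.com.  3600    IN      SRV     10 60 5060 sip.example.com.
10.113.0.203.in-addr.arpa. 3600 IN      PTR     mail1.example.com.
"""

# owner-name  TTL  class  type  rdata
RR_LINE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z]+)\s+(?P<rdata>.*)$")


def parse_dig_answers(text):
    """Return {record_type: [record dicts]} from dig +noall +answer lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig comment
        m = RR_LINE.match(line)
        if not m:
            continue  # not a resource record line
        name, ttl = m.group("name"), int(m.group("ttl"))
        rtype, rdata = m.group("type"), m.group("rdata")
        if rtype == "MX":
            prio, host = rdata.split()
            rec = {"name": name, "ttl": ttl, "priority": int(prio), "host": host}
        elif rtype == "SRV":
            prio, weight, port, target = rdata.split()
            rec = {"name": name, "ttl": ttl, "priority": int(prio),
                   "weight": int(weight), "port": int(port), "target": target}
        elif rtype == "TXT":
            # dig prints TXT rdata as one or more quoted strings that
            # are concatenated to form the record's text.
            rec = {"name": name, "ttl": ttl, "text": "".join(shlex.split(rdata))}
        else:
            # NS, PTR, A, CNAME ... carry a single-field rdata
            rec = {"name": name, "ttl": ttl, "value": rdata}
        records[rtype].append(rec)
    return dict(records)


def mail_posture(records):
    """Summarize what MX and TXT records tell an attacker about mail.

    Missing SPF, or DMARC absent or set to p=none, means spoofed mail
    from the domain is unlikely to be rejected by receivers.
    """
    mx = sorted(records.get("MX", []), key=lambda r: r["priority"])
    txts = [r["text"] for r in records.get("TXT", [])]
    spf = next((t for t in txts if t.lower().startswith("v=spf1")), None)
    dmarc = next((t for t in txts if t.upper().startswith("V=DMARC1")), None)
    policy = None
    if dmarc:
        tags = dict(kv.strip().split("=", 1) for kv in dmarc.split(";") if "=" in kv)
        policy = tags.get("p")
    return {
        "mx_hosts": [r["host"] for r in mx],
        "spf": spf,
        "dmarc_policy": policy,
        "spoofable": spf is None or policy in (None, "none"),
    }


def service_endpoints(records):
    """List (service name, port, target) triples learned from SRV records."""
    return [(r["name"], r["port"], r["target"]) for r in records.get("SRV", [])]


if __name__ == "__main__":
    recs = parse_dig_answers(SAMPLE_DIG_OUTPUT)
    print("name servers:", [r["value"] for r in recs.get("NS", [])])
    print("mail posture:", mail_posture(recs))
    print("services:", service_endpoints(recs))
    print("reverse lookups:", [(r["name"], r["value"]) for r in recs.get("PTR", [])])
```

Run it against real output by piping dig into the script or saving the answer section to a file; the parser ignores dig's `;`-prefixed comment lines, so `+noall +answer` is convenient but not required. The mail-posture summary is the part a practitioner acts on first: a domain with MX records but no SPF, or a DMARC policy of p=none, is a candidate for the social-engineering phase of the test (if that phase is in scope).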