Planning and Scoping Flashcards

1
Q

Questions to understand the scope of the pentest?

A
  • How many IP addresses will be tested?
  • How many assets?
  • How many URLs? How many pages per URL?
  • Are there any Web Application Firewalls or next-generation firewalls in front of the targets?
2
Q

Types of Pentest

A
  • External network pentest
  • Internal network pentest
  • Web application pentest
  • Mobile app pentest
  • IoT/SCADA pentest
  • Red team exercise
3
Q

Testing visibility

A
  • Black Box
  • Grey Box
  • White Box
4
Q

Black box Testing

A
  • No information is provided about the system
  • Only IP addresses or URLs are given
  • Simulates a hacker with no prior knowledge of the target
5
Q

Grey box testing

A
  • Some level of access to the application
  • Credentials to access parts of the application
  • Simulates a hacker who already has an initial foothold
6
Q

ROE

A
Rules of Engagement:
  • Attack scope
  • Attack rules
  • Network limitations
  • Testing time window
  • Emergency contacts
  • Integrity/privacy requirements