Section 13.118 Penetration Testing Flashcards

Objective 5.5 Explain types and purposes of audits and assessments

1
Q

Penetration Testing

A

Simulated cyber attack that identifies exploitable vulnerabilities in a computer system by assessing it for potential weaknesses that attackers could exploit

■ Various types include
● Physical
● Offensive
● Defensive
● Integrated

2
Q

Physical Penetration Testing

A

Evaluates an organization’s physical security measures

Examples -
● Testing locks
● Access cards
● Security cameras

■ Identifies vulnerabilities and recommends improvements for enhanced physical security

Benefits
● Improved security awareness
● Preventing unauthorized access

3
Q

Known as “red teaming”

Offensive Penetration Testing

A

Actively seeks vulnerabilities and attempts to exploit them, like a real cyber attack

■ Helps uncover and report vulnerabilities to improve security

■ Can simulate real-world attacks and gain support for cybersecurity investments

4
Q

Known as “blue teaming”

Defensive Penetration Testing

A

A reactive approach focused on strengthening systems and on detecting and responding to attacks

■ Monitors for unusual activity and improves incident response times

■ Enhances detection capabilities and helps improve incident response

5
Q

Known as “purple teaming”

Integrated Penetration Testing

A

Combines elements of offensive and defensive testing

Red team conducts offensive attacks, while the blue team detects and responds

■ Encourages collaboration and learning between the red and blue teams

■ Benefits -
● Comprehensive security assessment
● Promotes collaboration within cybersecurity teams
● Conducts simulated attacks and responses to improve skills
