Security Assessment and Testing

Question 1

Security Assessment

Answer 1

Technical Security Testing
Security process assessment
Security Audits

Question 2

Technical Security testing

Answer 2

Vulnerability assessment
Penetration testing (network, web, physical, wireless)
Code Review
Phishing exercises
Password assessments

Question 3

Server-Side Exploitation Process

Answer 3

Performance reconnaissance
Network enumeration
Port scanning
Determine version of OS & services
Determine vulnerable service versions
Exploit vulnerable services

Question 4

Penetration Testing Process

Answer 4

Business process (Scope, rules of engagement)
Reconnaissance
Scanning - vulnerability assessment
Exploitation
Post exploitation

Question 5

White box testing

Answer 5

software testing method that uses internal algorithms and information to conduct the test

Question 6

Black box testing

Answer 6

testing with no inside knowledge of application

e.g. testing against compiled code with no access to source

Question 7

Fuzzing

Answer 7

sending unexpected input

ask for username, type in 1000 characters to see if program crashes

Question 8

Security Audits

Answer 8

implies that an organization is being measured against a defined standard