11.1 Penetration testing


Rules of engagement

A document that defines exactly how the penetration test will be carried out.

As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?

Bug Bounty

Scope of work

A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.

Blue team

The defenders of the system. This team is responsible for stopping the red team's advances.

Red team

The ethical hackers. This team is responsible for performing the penetration tests.

Which of the following activities are typically associated with a penetration test?

Attempt social engineering.

You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?

Blue

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?

Maintain access

Purple team

Members work on both offense and defense. This team is a combination of the red and blue teams.

Black box test

Penetration test in which the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores the insider threats.

White box test

Penetration test in which the ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Gray box test

Penetration test in which the ethical hacker is given partial information about the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

Which phase or step of a security assessment is a passive activity?

Reconnaissance

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?

Scope of work

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter.

White team

The referees of cybersecurity. This team is responsible for managing the engagement between the red and blue teams. This group typically consists of the managers or team leads.

Bug bounty

These unique tests are set up by organizations such as Google, Facebook, and others. Ethical hackers can receive compensation by reporting bugs and vulnerabilities they discover.

You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?

White

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing?

White box

