11.1 - Luke.s


Rules of engagement

A document that defines exactly how the penetration test will be carried out.

Scope of work

A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.

Which of the following activities are typically associated with a penetration test?

Attempt social engineering.

You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?

Blue

Blue team

Blue team members are the defense of the system. This team is responsible for stopping the red team's advances.

As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?

Bug bounty

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?

Maintain access

Purple team

Members of the purple team work on both offense and defense. This team is a combination of the red and blue teams.

Maintain Access

Once the pentester has gained access, maintaining that access becomes the next priority. This can be done by installing backdoors, rootkits, or Trojans.

Black box test

Penetration test in which the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats.

White box test

Penetration test in which the ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Gray box test

Penetration test in which the ethical hacker is given partial information about the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

Which phase or step of a security assessment is a passive activity?

Reconnaissance

Scan/enumerate

Running scans on the target is the second phase. During this phase, the ethical hacker is actively engaged with the target. Enumeration is part of the scanning phase. Enumeration uses scanning techniques to extract information such as:

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?

Scope of work

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter.

Black box

The ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats.

White box

The ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Gray box

The ethical hacker is given partial information about the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

Report

The final phase is generating the test results and supporting documentation. After any penetration test, a detailed report must be compiled. Documentation provides extremely important protection for both the penetration tester and the organization.

Perform reconnaissance

The first phase in the pentesting process is reconnaissance, also known as footprinting.

Red team

The red team members are the ethical hackers. This team is responsible for performing the penetration tests.

Gain access

The third phase takes all of the information gathered in the reconnaissance and scanning phases to exploit any discovered vulnerabilities in order to gain access.

White team

The white team members are the referees of cybersecurity. This team is responsible for managing the engagement between the red and blue teams. This group typically consists of the managers or team leads.

Bug bounties

These unique tests are programs that are set up by organizations such as Google, Facebook, and many others. The organization sets strict guidelines and boundaries for ethical hackers to operate within. Any discovered vulnerabilities are reported, and the ethical hacker is paid based on the severity of the vulnerability.

Bug bounty

These unique tests are set up by organizations such as Google, Facebook, and others. Ethical hackers can receive compensation by reporting bugs and vulnerabilities they discover.

You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?

White

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing?

White box

Rules of engagement

A document that defines exactly how the penetration test will be carried out.

Scope of work

A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work. This document should answer the:
