1.4 Explain Penetration Testing Concepts SY0-501 Security+


*Active Reconnaissance*

A focus on the system (port scans, traceroute information, network mapping, etc.) to identify weaknesses that could be used to launch an attack. Ch. 12

*Escalation of Privileges*

A hole created when code is executed with higher privileges than those of the user running it. Ch. 12

*Penetration Testing*

An attempt to exploit the identified vulnerabilities. Ch. 12

*Passive Reconnaissance*

Discovering flaws by means other than directly accessing the system: from public databases, talking to employees, dumpster diving and social engineering. Ch. 12

*Persistence*

Example: Laptop that is infected while traveling for business and the company's network not being compromised until the employee returns and connects to the network. Ch. 12

*Vulnerability Scanning*

Identifying specific vulnerabilities in your network. Ch. 12

*Black Box*

The tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker. Ch. 12

*White Box*

The tester has significant knowledge of the system. This simulates an attack from an insider - a rogue employee. Ch. 12

*Gray Box*

This is a middle ground between the first two types of testing. In gray box testing, the tester has some limited knowledge of the target system. Ch. 12

*Pivot* or *Island Hopping*

Using a trusted system to attack another compromised system. Ch. 12

