Intro to Penetration Testing Chapter 1 study guide
Which of the following best describes a supply chain?
A company provides materials to another company to manufacture a product. EXPLANATION A supply chain is set up when materials from one company are needed from another to manufacture a product. A company may work with a store to stock their products to be sold, but this is not a supply chain. Oftentimes, companies use a third-party distribution center to ship sold products to customers, but this is not a supply chain. Some online retailers, such as Amazon, do sometimes act as a distribution center for sellers, but this is not a supply chain because Amazon is not using the sellers' materials to create a new product.
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?
A member of the purple team. EXPLANATION The purple team is a mix of red and blue team members. They basically act as a pipeline between the two teams and can work on either side. The red team consistently works against the blue team to test the organization's security stance, while the blue team focuses on the organization's defensive security. The red team is responsible for establishing and implementing policies and closing vulnerabilities. A black hat hacker is a skilled hacker who uses skills and knowledge for illegal or malicious purposes. A gray hat hacker may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker.
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
APT EXPLANATION An APT (advanced persistent threat) is a stealthy attack that gains access to a network or computer system and remains hidden for an extended period of time. A logic bomb is designed to be triggered by a certain event, such as running a specific program, visiting a certain website, or the arrival of a specific date or time. A Trojan horse provides the hacker with covert remote access to the victim's system. These programs are embedded and hidden inside legitimate programs. A virus is a self-replicating program that often attaches and hides itself in a legitimate program. A virus is designed to replicate itself throughout the computer and modify existing programs, often to cause damage to the computer system.
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?
Add the cloud host to the scope of work. EXPLANATION Since Hannah is in the planning stage, she will need to add the cloud host to the scope of work. Cloud-based systems require some extra steps before penetration testing can begin. The issue is that the systems aren't owned by the client, but by the cloud hosting provider. An organization might be required to conduct penetration tests to meet regulations. But, in this case, the cloud provider must also authorize the penetration test and will need to be involved and approve the scope of work. A non-disclosure agreement is a common legal contract that outlines confidential material or information that will be shared during the assessment and the restrictions placed on it.
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?
Black box EXPLANATION In a black box test, the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats. In a white box test, the ethical hacker is given full information about the target or network. This allows for a comprehensive and thorough test, but it is not a very realistic situation. A black hat hacker is a skilled hacker who uses skills and knowledge for illegal or malicious purposes. A white hat hacker is a skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission has been given.
ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work?
Company Culture. EXPLANATION During the premerger, areas such as physical security, data security, company culture, and network systems need to be tested. A penetration test during this phase can help identify shortcomings and large differences that if left unattended could lead to disastrous results after the merger or acquisition. Email and password policies are already included in the network systems test. Employee IDs are included in the physical security test
Which type of penetration test is required to ensure an organization is following federal laws and regulations?
Compliance-based explanation: Compliance-based penetration tests are required to ensure an organization follows federal laws and regulations. A goal-based penetration test focuses on end results. The test's goals are specific, but the methods for reaching them are determined by the hacker himself. An objective-based test focuses on the overall security of the organization and its data security. When people think of a penetration test, this is often what they think of. A white box test occurs when an ethical hacker is given full information about the target or network.
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?
DMCA EXPLANATION The Digital Millennium Copyright Act (DMCA) was enacted in 1998 to protect copyrighted works. The Payment Card Industry Data Security Standards (PCI DSS) defines the security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and any other type of payment cards. The Health Insurance Portability and Accountability Act (HIPPA) was created as health records and data started being stored electronically. Its goal is to create a set of standards that would ensure this information is kept safe and is only shared with the patient and medical professionals that need it. The Federal Information Security Management Act (FISMA) was signed into law in 2002 and defines how federal government data, operations, and assets are handled.
Which of the following best describes what FISMA does?
Defines how federal government data, operations, and assets are handled. EXPLANATION The Federal Information Security Management Act (FISMA) was signed into law in 2002 and defines how federal government data, operations, and assets are handled. The Sarbanes Oxley Act (SOX) was enacted in 2002 with the goal of implementing accounting and disclosure requirements that would increase transparency in corporate governance and financial reporting and formalize a system of internal checks and balances. The Payment Card Industry Data Security Standards (PCI DSS) defines the security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and any other type of payment cards. The Health Insurance Portability and Accountability Act (HIPPA) was created as health records and data started being stored electronically. Its goal is to create a set of standards that ensure this information is kept safe and is only shared with the patient and medical professionals that need it.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical Hacking EXPLANATION Ethical hacking is an all-encompassing term that includes all hacking methods, so penetration testing is a part of ethical hacking. Red teaming is the act of performing offensive security functions for an organization. Blue teaming is the act of performing defensive security functions for an organization. Network scanning is the process of monitoring network activities.
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?
External EXPLANATION An external test focuses on any publicly facing system, such as a web server that resides in the DMZ. An internal test focuses on any systems that logically resides behind the firewall. These can be offsite or onsite. A black box test occurs when an ethical hacker has no information about the target or network. A white box test occurs when an ethical hacker has full information about the target or network.
Which of the following best describes a goal-based penetration test?
Focuses on the end results. The hacker determines the methods. EXPLANATION A goal-based penetration test focuses on end results. The goals are specific, but the methods for reaching them are determined by the hacker himself. An objective-based test focuses on the overall security of the organization and its data security. When people think of a penetration test, this is often what they think of. Compliance-based penetration tests are needed to ensure an organization follows federal laws and regulations. A white box test means the ethical hacker has been given full information about a target or network.
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Gray hat. EXPLANATION A gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross ethical lines, but usually has good intentions and isn't being malicious like a black hat hacker. A white hat is a skilled hacker who uses their skills and knowledge for defensive purposes only. Many organizations and companies employ these security analysts, who understand the hacker's mindset. A state-sponsored hacker works for a government and attempts to gain top-secret information by hacking other governments. A script kiddie only uses tools and scripts that have been developed by others. This person has no desire to understand how these tools work and is extremely unskilled.
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?
HIPAA EXPLANATION The Health Insurance Portability and Accountability Act (HIPPA) was created as health records and data started being stored electronically. Its goal is to create a set of standards that would ensure this information is kept safe and is only shared with the patient and medical professionals that need it. The Payment Card Industry Data Security Standards (PCI DSS) defines the security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and any other type of payment cards. The Digital Millennium Copyright Act (DMCA) was enacted in 1998 to protect copyrighted works. The Federal Information Security Management Act (FISMA) was signed into law in 2002 and defines how federal government data, operations, and assets are handled.
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?
Ignore the records and move on. EXPLANATION During a penetration test, the ethical hacker will run across or gain access to highly sensitive data. This could include clients' financial information, customer data, passwords, and more. In this situation, the hacker is expected to keep this information confidential and not view any more than is necessary for reporting purposes. The penetration tester has no reason to make a backup of the records. The penetration tester should not continue digging and look for illegal activity. The penetration tester should not sell or divulge any information.
Which of the following best describes what SOX does?
Implements accounting and disclosure requirements that increase transparency. EXPLANATION The Sarbanes Oxley Act (SOX) was enacted in 2002 with the goal of implementing accounting and disclosure requirements that would increase transparency in corporate governance and financial reporting and formalize a system of internal checks and balances. The Federal Information Security Management Act (FISMA) was signed into law in 2002 and defined how federal government data, operations, and assets were handled. The Payment Card Industry Data Security Standards (PCI DSS) defines the security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and any other type of payment cards. The Health Insurance Portability and Accountability Act (HIPPA) was created as businesses began storing health records and data electronically. HIPPA's goal is to create a set of standards that ensure medical information is kept safe and is only shared with the patient and medical professionals that need it.
You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed? ::Image::
Internal EXPLANATION An internal test will focus on any systems that logically resides behind the firewall. These can be off-site or on-site. An external test will focus on any publicly facing system, such as a web server that resides in the DMZ. A black box test means that the ethical hacker has no information about the target or network. A gray box test means that the ethical hacker is given partial information about the network and computer systems.
Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?
PCI DSS EXPLANATION The Payment Card Industry Data Security Standards (PCI DSS) defines the security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and any other type of payment cards. The Health Insurance Portability and Accountability Act (HIPPA) was created as health records and data started being stored electronically. Its goal is to create a set of standards that would ensure this information is kept safe and is only shared with the patient and medical professionals that need it. The Digital Millennium Copyright Act (DMCA) was enacted in 1998 to protect copyrighted works. The Federal Information Security Management Act (FISMA) was signed into law in 2002 and defines how federal government data, operations, and assets are handled.
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?
Reporting EXPLANATION The only difference between the penetration testing life cycle and ethical hacking methodology is the focus on the documentation of the penetration test. A detailed report of the tests performed and everything that was discovered is important to a penetration test. Reconnaissance, gaining access, and maintaining access are all steps in both methodologies.
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?
Scanning and enumeration EXPLANATION Scanning is the second phase in the ethical hacking methodology. The hacker uses various tools to gather in-depth information about the network, computer systems, live systems, open ports, and more. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the Scanning step. Reconnaissance is the first phase in the ethical hacking methodology. The hacker begins gathering information about their target. This can include gathering publicly available information, using social engineering techniques, or dumpster diving. Gaining access is the third phase in the ethical hacking methodology. In this phase, the hacker uses all the information gathered through reconnaissance and scanning and then exploits vulnerabilities to gain access. Maintaining access is the fourth phase in the ethical hacking methodology. Once the hacker has gained access, he can use backdoors, rootkits, or Trojans to establish permanent access to the system.
Which of the following documents details exactly what can be tested during a penetration test?
Scope of Work EXPLANATION The scope of work is a very detailed document that defines exactly what software, and hardware, test types, and facility features are going to be included in the penetration test. This document is also referred to as the statement of work. The rules of engagement document details how the test will be carried out. The master service agreement is a contract where parties agree to most of the terms that will govern future actions. The non-disclosure agreement is a common legal contract outlining confidential material or information that will be shared during the assessment and what restrictions are placed on it.
Which document explains the details of an objective-based test?
Scope of work EXPLANATION The scope of work is a very detailed document that defines exactly what is going to be included in a penetration test. This document is also referred to as the statement of work. When a change to the scope of work is requested, a change order should be filled out and agreed on by all pertinent stakeholders. Once this is done, the additional tasks can be completed. The rules of engagement document details how the test will be carried out. The permission to test is often referred to as the get-out-of-jail-free card. Since most people in the client's organization will not know about the penetration test occurring, this document is used if the penetration tester gets caught.
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?
Specific/Measurable/Attainable/Relevant/Timely EXPLANATION SMART goals are very useful when establishing and defining the goals of a penetration test. SMART goals help create goals that are specific, measurable, attainable, relevant, and timely (or time-bound).
Which of the following best describes social engineering?
The art of deceiving and manipulating others into doing what you want. EXPLANATION Social engineering is the art of deceiving and manipulating others into doing what you want. Social engineering techniques can occur during in-person interactions. For example, a social engineer may dress as pest control professional to gain access to a building. The process of analyzing an organization's security and locating security holes is known as threat modeling. An Advanced Persistent Threat (APT) is a stealthy computer network attack in which a person or group gains unauthorized access for an extended period. Sending an email that appears to be from a bank to trick a target into entering their credentials on a malicious website is a phishing attack. Phishing attacks are a type of social engineering attack.
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught. EXPLANATION A suicide hacker is only concerned with taking down their target for a cause. This hacker has no concerns about being caught or going to jail. A gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't being malicious like a black hat hacker. A cyber terrorist is motivated by religious or political beliefs and wants to create severe disruption or widespread fear. A hacktivist will often target government agencies, corporations, or any entity they are protesting. Their main purpose is to protest an event and draw attention to their views and opinions.
The process of analyzing an organization's security and determining its security holes is known as:
Threat modeling EXPLANATION Threat modeling is the process of analyzing an organization's security and determining its security holes. Once a threat model is put together, the organization can begin securing its systems and data. Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing the computer or network system. Ethical hacking is an all-embracing term that includes all hacking methods. Extracting information such as usernames, computer names, network resources, shares, and services is called enumeration.
Which type of threat actor only uses skills and knowledge for defensive purposes?
White hat EXPLANATION A white hat is a skilled hacker who uses their skills and knowledge for defensive purposes only. Many organizations and companies now employ these security analysts, who understand the hacker's mindset. The gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't being malicious like a black hat hacker. A hacktivist often targets government agencies, corporations, or any entity they are protesting. A script kiddie only uses tools and scripts that have been developed by others. This person has no desire to understand how these tools work and is extremely unskilled.
Which of the following is the third step in the ethical hacking methodology?
gain access EXPLANATION Gaining access is the third phase in the ethical hacking methodology. In this phase, the hacker uses all the information gathered through reconnaissance and scanning and then exploits vulnerabilities to gain access. Reconnaissance is the first phase in the ethical hacking methodology. The hacker begins gathering information about their target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving. Scanning and enumeration is the second phase in the ethical hacking methodology. The hacker will use various tools to gather in-depth information about the network, computer systems, live systems, open ports, and more. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the scanning step. Clearing tracks is the final step in the hacking process. The hacker performs tasks such as overwriting log files to hide the fact they were ever there.
Which of the following is a limitation of relying on regulations?
they rely heavily on password policies. EXPLANATION One of the drawbacks to many federal regulations is that they rely heavily on password policies, which are often outdated. Federal regulations are not updated regularly and can fall behind accepted best practices. Federal regulations take precedence over industry standards because they're mandated by the government. Federal regulations are very defined and can limit security management options.
After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?
tolerance EXPLANATION After a risk assessment is performed and vulnerable areas identified, the organization needs to decide their tolerance level for performing a penetration test. Areas of risk that can be tolerated need to be placed in the scope of work, whereas those critical areas may need to be place out of scope, or off-limits. When a risk can be avoided, it should be. This is known as risk avoidance. Transference is the process of moving the risk to another entity. Risk mitigation is also called risk reduction. Sometimes the risks cannot be transferred or avoided. In this case, steps must be taken to reduce the damage that can occur.