1.8 Techniques used in Penetration Testing

Ace your homework & exams now with Quizwiz!

During which type of penetration test does the tester specifically include the reconnaissance phase of the test?

Black Box testing

Pivoting from one domain or VLAN to another

Lateral movement

Describes a war flying attack on a college campus?

Map location of the wireless network.

The company is planning an internal security assessment. The exercise requires penetration testers to use non-intrusive techniques to determine the network's security status. What would be appropriate for these testers to follow? List two

Non-intrusive footprinting using Nmap tool. Perform passive vulnerability scans.

An attacker is gathering information from publicly available information on a college campus. The attacker will use information, such as domain names, to identify attack vectors. What best describes this type of passive reconnaissance?

OSINT

Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and internal reconnaissance?

Obtain a pivot point

This maps the location and type of wireless networks operated by the target?

War flying is war driving, but in the air with a drone or unmanned aerial vehicle (UAV).

Which of these SYSLOG messages would have the code number "4"?

Warning

During which type of penetration test does the tester skip the reconnaissance phase of the test?

White Box

Which type of penetration test requires the tester to perform partial reconnaissance?

Gray Box Testing

Forcing the exploit to remain even with a reboot or network disconnect

Persistence

What penetration steps should a tester perform before internal reconnaissance?

Persistence, followed by further reconnaissance, occurs when the pen tester attempts to map out the internal network and discover the services running on it and accounts configured to access it.

Attempting to get root or administrative credentials of a database

Privilege escalation

A successful penetration testing exercise that involves multiple debriefs over a long period between participants requires efficient facilitating. Which team would handle this facilitation?

Purple Team

An attacker is using a kill chain attack, moving from host to host, deploying logic bombs and then exiting out. System administrators must not discover these hidden exploits. What can the attacker do to ensure the hack goes unnoticed?

Remove backdoors and tools.

Agreeing to the target customers bug bounty program

Rules of Engagement

What service allows organizations to aggregate threat management, incident response, and repeatable security operations?

SOAR

The purple team members act as _______________ during a purple team exercise. This type of exercise involves collaboration between red and blue teams during breaks throughout the exercise.

facilitators


Related study sets

Praxis 0311/5311 LMS Practice Quiz

View Set

Chapter 1 The Sciences of Anatomy & Physiology

View Set

Fin 360 Review/Application Questions Midterm 1

View Set

Chapter 42: Management of Patients With Musculoskeletal Trauma Prep-U questions

View Set

AP Psychology - Cognition (Unit 5)

View Set

CompTIA Network+ Practice Exam 7

View Set

Electrical Code Calculations lvl 2 Lesson 1- Determining Conductor Ampacity

View Set

A&P - CH. 2.5-2.7: Chemistry Comes Alive - DSMs

View Set

Sociology - Real World - Ch 10: Social Institutions

View Set