1.8 Explain the techniques used in penetration testing.

Question 1

During a pentest, which team acts as the facilitators

Answer 1

Purple Team

Question 2

During a pentest,which team is responsible for setting the rules of engagement and monitor the pen test

Answer 2

White Team- This group typically consists of the managers or team leads.

Question 3

During a pentest,which team is one of two teams competing in pen test in a defensive role.

Answer 3

Blue Team

Question 4

During a pentest, which team is competing with an offensive role.

Answer 4

Red Team

Question 5

What is footprinting

Answer 5

obtaining information about a host or network topology

Question 6

What is persistence in the pen test steps

Answer 6

occurs when the pen tester attempts to map out the internal network and discover the services running on it and accounts configured to access it.

Question 7

What are the steps in a Pentest

Answer 7

1. Perform Reconnaissance
2. Scan/enumerate
3. Gain Access
4. Maintain Access
5. Report

Question 8

Type of pen test where The ethical hacker is given partial information of the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

Answer 8

Gray box

Question 9

Type of pen test where The ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats.

Answer 9

Black box

Question 10

Type of pen test where The ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Answer 10

White box

Question 11

In a Pen test, what happens during the perform recon phase?

Answer 11

The first phase in the pentesting process is reconnaissance, also known as footprinting. In this phase, the pentester begins gathering information on the target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving.

Question 12

In a Pen test, what happens during the Scan enumerate phase?

Answer 12

Running scans on the target is the second phase. During this phase, the ethical hacker is actively engaged with the target.
Enumeration is part of the scanning phase. Enumeration uses scanning techniques to extract information such as:

Usernames
Computer names
Network resources
Share names
Running services

Question 13

In a Pen test, what happens during the Gain access phase?

Answer 13

The third phase takes all of the information gathered in the reconnaissance and scanning phases to exploit any discovered vulnerabilities in order to gain access.
After gaining access, the pentester can perform lateral moves, pivoting to other machines on the network. The pentester will begin trying to escalate privileges with the goal of gaining administrator access.

Question 14

In a Pen test, what happens during the Maintain access phase?

Answer 14

Once the pentester has gained access, maintaining that access becomes the next priority. This can be done by installing backdoors, rootkits, or Trojans.

Question 15

In a Pen test, what happens during the report phase?

Answer 15

The final phase is generating the test results and supporting documentation. After any penetration test, a detailed report must be compiled. Documentation provides extremely important protection for both the penetration tester and the organization.

Question 16

OSINT

Answer 16

Open Source Intelligence (OSINT) gathering refers to using web search tools and social media to obtain information about the target and is part of the reconnaissance phase.

Question 17

What is war flying

Answer 17

War flying is war driving, but in the air with a drone or unmanned aerial vehicle (UAV). This maps the location and type of wireless networks operated by the target.

Question 18

What step should Pen tester take before internal recon?

Answer 18

Peristence