1.8

Question 1

Is a cybersecurity assessment methodology used to identify and exploit security vulnerabilities in a system, network, or application.

Answer 1

Penetration testing

Question 2

Refers to an environment for which comprehensive information and documentation are available, including system configurations, network architecture, and security controls. Penetration testing in a _____________ involves testing against well-understood systems and known vulnerabilities.

Answer 2

Known environment

Question 3

Refers to an environment for which limited or incomplete information is available. Penetration testing in an ________________ involves exploring and discovering vulnerabilities through reconnaissance, scanning, and enumeration techniques.

Answer 3

Unknown environment

Question 4

Refers to an environment for which some information is available, but critical details or configurations are missing or incomplete. Penetration testing in a _________________ involves leveraging available information while conducting additional reconnaissance and analysis to uncover hidden vulnerabilities.

Answer 4

Partially known environment

Question 5

__________________ in cybersecurity define the scope, objectives, limitations, and rules governing a cybersecurity assessment, exercise, or operation, such as penetration testing. __________ outline the permissible actions, targets, and methodologies that participants are allowed to use and establish guidelines to ensure the safety, legality, and effectiveness of the activity.

Answer 5

Rules of engagement (ROE)

Question 6

Refers to the techniques used by attackers to move horizontally across a network after gaining initial access to a system. Allows attackers to escalate privileges, explore the network, and compromise additional systems to achieve their objectives.

Answer 6

Lateral movement

Question 7

Is the process of gaining higher levels of access than originally granted by exploiting vulnerabilities in a system.

Answer 7

Privilege escalation

Question 8

Is the ability of an attacker to exist beyond a machine reboot or after disconnection.

Answer 8

Persistence

Question 9

Are mechanisms where companies pay hackers for revealing the details of vulnerabilities that they discover.

Answer 9

Bug bounty

Question 10

Where an attacker moves to a new location in a network and begins the attack process over again.

Answer 10

Pivoting

Question 11

Involves gathering information about a target system, network, or environment without directly interacting with it.

Answer 11

Passive reconnaissance

Question 12

Involves actively probing, scanning, or interacting with target systems to gather information, such as port scanning, network mapping, or service enumeration.

Answer 12

Active reconnaissance

Question 13

The act of using a drone to fly over a facility and capture wireless network traffic.

Answer 13

War flying

Question 14

Involves driving or walking around urban or suburban areas to detect and map wireless networks and access points.

Answer 14

War driving

Question 15

Is the process of gathering information about a target system, network, or organization to identify potential attack vectors, vulnerabilities, or points of entry.

Answer 15

Footprinting

Question 16

Refers to the analysis of publicly available information from open sources to gather intelligence about a system.

Answer 16

OSINT

Question 17

A team of cybersecurity professionals who are focused on offense.

Answer 17

Red-team

Question 18

A team of cybersecurity professionals who are focused on defense.

Answer 18

Blue-team

Question 19

Is a neutral group of cybersecurity professionals responsible for overseeing cybersecurity exercises, simulations, or competitions.

Answer 19

White-team

Question 20

A team of cybersecurity professionals that combine the red and blue team.

Answer 20

Purple-team