1.8 Explain the techniques used in penetration testing

Question 1

What is Penetration testing?

Answer 1

Penetration testing is a proactive security assessment technique that involves simulating real-world cyberattacks on an organization’s systems, networks, or applications to identify vulnerabilities, assess security controls, and evaluate the effectiveness of defense mechanisms.

Question 2

What term describes the proactive simulation of cyberattacks to identify vulnerabilities?

Answer 2

Penetration testing

Question 3

What is a Known environment in penetration testing?

Answer 3

A Known environment in penetration testing refers to a scenario where the tester has comprehensive knowledge about the target systems, networks, or applications, including access credentials, configuration details, and architecture, allowing for focused testing and analysis of known vulnerabilities.

Question 4

What term describes a penetration testing scenario where the tester has comprehensive knowledge about the target environment?

Answer 4

Known environment

Question 5

What is an Unknown environment in penetration testing?

Answer 5

An Unknown environment in penetration testing refers to a scenario where the tester has limited or no prior knowledge about the target systems, networks, or applications, requiring extensive reconnaissance, scanning, and enumeration to discover vulnerabilities and assess security posture.

Question 6

What term describes a penetration testing scenario where the tester has limited prior knowledge about the target environment?

Answer 6

Unknown environment

Question 7

What is a Partially known environment in penetration testing?

Answer 7

A Partially known environment in penetration testing refers to a scenario where the tester has some information or understanding about the target systems, networks, or applications, but not comprehensive knowledge, requiring a combination of reconnaissance and testing techniques to identify vulnerabilities.

Question 8

What term describes a penetration testing scenario where the tester has limited but not comprehensive knowledge about the target environment?

Answer 8

Partially known environment

Question 9

What are Rules of engagement in penetration testing?

Answer 9

Rules of engagement in penetration testing are guidelines or agreements established between the tester and the client that outline the scope, objectives, limitations, and permissible actions for conducting the test, ensuring alignment with organizational goals, legal requirements, and ethical standards.

Question 10

What term describes guidelines or agreements for conducting penetration tests?

Answer 10

Rules of engagement

Question 11

What is Lateral movement in penetration testing?

Answer 11

Lateral movement in penetration testing refers to the technique of traversing or moving horizontally across a network or system from one compromised endpoint to another, typically to escalate privileges, access sensitive data, or pivot to additional targets, simulating the tactics used by real-world attackers.

Question 12

What term describes the technique of moving horizontally across a network in penetration testing?

Answer 12

Lateral movement

Question 13

What is Privilege escalation in penetration testing?

Answer 13

Privilege escalation in penetration testing refers to the process of gaining higher levels of access or permissions within a system, network, or application beyond what was initially granted, often by exploiting vulnerabilities, misconfigurations, or insecure design to elevate privileges and access sensitive resources.

Question 14

What term describes the process of gaining higher levels of access within a system or network?

Answer 14

Privilege escalation

Question 15

What is Persistence in penetration testing?

Answer 15

Persistence in penetration testing refers to the ability of an attacker to maintain unauthorized access or control over a compromised system, network, or application even after initial exploitation or detection, often achieved by installing backdoors, creating user accounts, or establishing covert communication channels.

Question 16

What term describes the ability of an attacker to maintain access or control after initial exploitation?

Answer 16

Persistence

Question 17

What is Cleanup in penetration testing?

Answer 17

Cleanup in penetration testing refers to the process of removing or mitigating the traces, artifacts, or backdoors left behind by the penetration tester during testing activities to restore the target environment to its original state and ensure no residual impact or vulnerabilities remain.

Question 18

What term describes the process of removing traces or artifacts after penetration testing?

Answer 18

Cleanup

Question 19

What is Bug bounty in penetration testing?

Answer 19

Bug bounty programs in penetration testing are initiatives or platforms offered by organizations to incentivize independent security researchers, hackers, or ethical hackers to identify and responsibly disclose security vulnerabilities in exchange for monetary rewards, recognition, or other incentives.

Question 20

What term describes programs that reward individuals for finding security vulnerabilities?

Answer 20

Bug bounty

Question 21

What is Pivoting in penetration testing?

Answer 21

Pivoting in penetration testing refers to the technique of using compromised systems or footholds within a network to gain access to other systems, networks, or segments that are otherwise inaccessible or protected, enabling attackers to expand their reach and control within the target environment.

Question 22

What term describes the technique of using compromised systems to access other parts of a network?

Answer 22

Pivoting

Question 23

What are Passive and active reconnaissance in penetration testing?

Answer 23

Passive reconnaissance involves gathering information about a target without directly interacting with it, while active reconnaissance involves actively probing, scanning, or interacting with the target to collect information about its systems, networks, or vulnerabilities.

Question 24

What terms describe gathering information about a target without direct interaction and actively probing the target, respectively?

Answer 24

Passive and active reconnaissance

Question 25

What are Drones in penetration testing?

Answer 25

Drones in penetration testing refer to unmanned aerial vehicles equipped with sensors or tools for conducting reconnaissance, surveillance, or security assessments of physical or wireless infrastructure, providing remote access to difficult-to-reach or hazardous areas.

Question 26

What term describes unmanned aerial vehicles used for reconnaissance or security assessments?

Answer 26

Drones

Question 27

What is War flying in penetration testing?

Answer 27

War flying in penetration testing is a technique involving the use of drones or aircraft to conduct aerial reconnaissance or scanning of wireless networks, identifying vulnerabilities, misconfigurations, or unauthorized access points from the air.

Question 28

What term describes the technique of using drones or aircraft for aerial reconnaissance of wireless networks?

Answer 28

War flying

Question 29

What is War driving in penetration testing?

Answer 29

War driving in penetration testing is a technique involving the use of vehicles equipped with wireless sniffers or scanning tools to detect, map, or analyze wireless networks and access points within a specific geographic area, identifying vulnerabilities or unauthorized access.

Question 30

What term describes the technique of using vehicles with wireless sniffers to map wireless networks?

Answer 30

War driving

Question 31

What is Footprinting in penetration testing?

Answer 31

Footprinting in penetration testing refers to the process of gathering information about a target organization, its systems, networks, or employees using publicly available sources, search engines, social media, or other open-source intelligence (OSINT) techniques.

Question 32

What term describes the process of gathering information about a target organization using publicly available sources?

Answer 32

Footprinting

Question 33

What is OSINT in penetration testing?

Answer 33

OSINT (Open-source intelligence) in penetration testing refers to the collection and analysis of publicly available information from sources such as the internet, social media, news outlets, or public records to gather intelligence, reconnaissance, or insights about a target organization or individual.

Question 34

What term describes the collection and analysis of publicly available information for intelligence purposes?

Answer 34

OSINT

Question 35

What are Exercise types in penetration testing?

Answer 35

Exercise types in penetration testing refer to different approaches or methodologies used for conducting security assessments, including Redteam exercises focused on offensive tactics, Blueteam exercises for defensive strategies, and Whiteteam exercises for collaboration and coordination between teams.

Question 36

What terms describe different approaches for conducting security assessments, focusing on offense, defense, and collaboration?

Answer 36

Redteam, Blueteam, Whiteteam

Question 37

What is Redteam in penetration testing?

Answer 37

Redteam in penetration testing refers to a group of security professionals or ethical hackers who simulate real-world cyberattacks on an organization’s systems, networks, or applications to identify vulnerabilities, test defenses, and evaluate the effectiveness of security controls and incident response.

Question 38

What term describes a group that simulates real-world cyberattacks during security assessments?

Answer 38

Redteam

Question 39

What is Blueteam in penetration testing?

Answer 39

Blueteam in penetration testing refers to a group of security professionals or defenders responsible for implementing and maintaining security controls, monitoring systems for threats or vulnerabilities, and responding to security incidents or breaches within an organization’s environment.

Question 40

What term describes a group responsible for implementing and maintaining security controls during security assessments?

Answer 40

Blueteam

Question 41

What is Whiteteam in penetration testing?

Answer 41

Whiteteam in penetration testing refers to a collaborative approach where multiple teams, including Redteam, Blueteam, and other stakeholders, work together to plan, coordinate, and execute security exercises, share knowledge, and improve overall security posture and incident response capabilities.

Question 42

What term describes a collaborative approach involving multiple teams working together during security exercises?

Answer 42

Whiteteam

Question 43

What is Purpleteam in penetration testing?

Answer 43

Purpleteam in penetration testing refers to an integrated and cross-functional team approach that combines offensive (Redteam) and defensive (Blueteam) security professionals to jointly conduct security assessments, identify weaknesses, and improve overall security resilience and preparedness.

Question 44

What term describes an integrated team approach combining offensive and defensive security professionals?

Answer 44

Purpleteam