Pen Testing Flashcards
(7 cards)
Name 6 methods of attacking a network
Malware
Insecure Cloud
Unpatched software with known vulnerabilities
Web attack
Phishing
Supply Chain
How do most attacks on a company's network start?
Phishing
What is the ARP protocol?
Controls who has what IP address on a network. It works by a host broadcasting an IP address, and the host with that address responds with its MAC address.
What is ARP spoofing?
Hosts on a network will accept ARP replies even if they did not request them. Therefore, a device on the network can tell all the other devices that it is the router, causing the other devices to send their packets to the spoofing device.
Why is WPA2 insecure?
The key is based on the Wi-Fi password, a nonce generated by the client and a nonce generated by the access point. The nonces are shared unencrypted, so if an attacker knows the password, they can decrypt the traffic.
What is PCI-DSS?
Payment Card Industry Data Security Standard. A data standard for companies handling credit card information.
What are the requirements laid out in PCI-DSS?
Log, monitor and restrict access to cardholder data
Protect data from malware
Test security regularly
Protect stored data and data in transit with cryptography