Penetration Testing Flashcards

1
Q

Penetration testing

A

A way of testing the areas of weakness in systems by using various malicious techniques. A penetration test simulates methods that an attacker would use to gain unauthorized access to a network and compromise the systems, and allows an organization to understand how well it would tolerate a real attack.

2
Q

Black box testing

A

Black box testing is the least time-consuming and the least expensive. When conducting black box testing, the specialist has no knowledge of the inner workings of the system and attempts to attack it from the viewpoint of a regular user.

3
Q

Gray box testing

A

Gray box testing is a combination of black box and white box testing. The specialist will have some limited knowledge about the system, so it is a partially known environment, which gives some advantage to these hacking attempts.

4
Q

White box testing

A

White box testing is the most time-consuming and the most expensive because it is carried out by a specialist with knowledge of how the system works. It is therefore a known environment when they attempt to hack into it, emulating a malicious attack by an insider or by someone who has managed to gain such information beforehand, at the recon stage.

5
Q

Penetration Phases

A

  • Planning: Establishes the rules of engagement for conducting the test.
  • Discovery: Conducting reconnaissance on the target to gain information.
  • Attack: At this phase, you seek to gain access or penetrate the system using the information gathered in the previous phase.
  • Reporting: At this phase, the tester delivers to the organization detailed documentation that includes the vulnerabilities identified, actions taken and the results.
6
Q

Security assessment

A

A vulnerability scanner assesses computers, computer systems, networks, or applications for weaknesses. Commonly used vulnerability scanners on the market include Nessus, Retina, Core Impact and GFI LanGuard. Vulnerability scanners may be network scanners, application scanners or Web application scanners.

7
Q

Network Security Testing Techniques

A

Operations security is concerned with the day-to-day practices necessary to first deploy and later maintain a secure system. Operations security starts with the planning and implementation process of a network. Typically, network security testing is conducted during the implementation and operational stages, after the system has been developed, installed, and integrated.

8
Q

Network Security Testing Tools

A

Software tools that can be used to perform network testing include Nmap/Zenmap, SuperScan, SIEM, GFI LANguard, Tripwire, Nessus, L0phtCrack, and Metasploit. Nmap provides classic TCP and UDP port scanning and sweeping, stealth TCP and UDP port scans and sweeps, and remote operating system ID.

9
Q

Penetration Testing

A

Penetration testing, or pen testing, is a way of testing the areas of weakness in systems by using various malicious techniques. A penetration test simulates methods that an attacker would use to gain unauthorized access to a network and compromise the systems, and allows an organization to understand how well it would tolerate a real attack.
