Topic 1A Define Organizational PenTesting Flashcards

(251 cards)

1
Q

Section 1A

What is penetration testing?

A

A proactive exercise that tests the strength of an organization’s security defenses.

2
Q

Section 1A

Why might an organization conduct a Penetration Test?

A

To provide due diligence and due care in meeting compliance requirements.

3
Q

Section 1A

What is essential to maintain during a PenTest?

A

A professional attitude at all times.

4
Q

Section 1A

What should be done if indications of a compromise are discovered during testing?

A

Immediately report the details to the appropriate stakeholder.

5
Q

Section 1A

What are the lesson objectives related to Penetration Testing?

A
  • Define organizational Penetration Testing and recognize the CompTIA structured PenTesting process
  • Acknowledge compliance requirements such as PCI DSS and GDPR
  • Compare different standards and methodologies like MITRE ATT&CK, OWASP, and NIST
  • Describe best practice methods for professionalism and confidentiality
6
Q

Section 1A

What is the purpose of employing proactive processes in security architecture?

A

To secure systems against potential attacks.

7
Q

Section 1A

What methods are included in securing systems?

A
  • Patch and configuration management
  • Security education, training, and awareness
8
Q

Section 1A

What are administrative controls?

A

Policies, procedures, and guidelines (for example security policies, hiring and background-check practices, and training) that define expected behaviour and monitor adherence to it.

9
Q

Section 1A

What does the Principle of Least Privilege state?

A

A subject (user, process, or system) should be granted only the minimum rights, privileges, or information needed to perform its task, and nothing more.

10
Q

Section 1A

What is the difference between a vulnerability scan and a penetration test?

A

A vulnerability scan is largely automated and reports potential weaknesses; a penetration test goes further and attempts to exploit those weaknesses to show the real impact and how far an attacker could get.

11
Q

Section 1A

What is the primary goal of a PenTest?

A

To reduce overall risk by taking proactive steps to reduce vulnerabilities.

12
Q

Section 1A

What type of controls ensure the confidentiality, integrity, and availability of system resources?

A
  • Administrative controls
  • Physical controls
  • Technical or logical controls
13
Q

Section 1A

What do physical controls do?

A

Restrict, detect, and monitor access to specific physical areas or assets.

14
Q

Section 1A

What are technical or logical controls?

A

Automated protections to prevent unauthorized access or misuse.

15
Q

Section 1A

Fill in the blank: PenTesting is also called _______.

A

[Ethical Hacking]

16
Q

Section 1A

What is the outcome of a completed PenTest?

A

Results are documented in a report format and presented to stakeholders.

17
Q

Section 1A

What is the importance of continually assessing security measures?

A

To defend against ongoing threats instead of waiting for a breach.

18
Q

Section 1A

What is the definition of risk in cybersecurity?

A

Risk is the potential for loss or harm when a threat exploits a vulnerability; it is usually expressed in terms of the likelihood of that event and its impact.

19
Q

Section 1A

What can result from a risk in cybersecurity?

A
  • Financial loss
  • Business disruption
  • Physical harm
20
Q

Section 1A

What are the two main components that comprise risk?

A
  • Threat
  • Vulnerability
21
Q

Section 1A

Define a threat in the context of cybersecurity.

A

A threat represents something such as malware or a natural disaster that can exploit a vulnerability.

22
Q

Section 1A

What is a vulnerability?

A

A vulnerability is a weakness or flaw, such as a software bug, system flaw, or human error.

23
Q

Section 1A

What is the formula for determining risk?

A

Risk = Threat × Vulnerability (a conceptual relationship rather than an arithmetic one: with no threat or no vulnerability there is no risk, and reducing either factor reduces risk).

24
Q

Section 1A

What is a risk analysis?

A

A security process that identifies an organization's assets, threats, and vulnerabilities and estimates the likelihood and impact (damage) of each risk, so that risks can be prioritized.

25
# Section 1A What are the three types of anti-malware protection mentioned?
  • Free antivirus with no automatic updates
  • Paid antivirus with automatic updates
  • Unified threat management (UTM) appliance with automatic updates
26
# Section 1A What was the vulnerability rating and risk of infection for the free antivirus system?
90% vulnerable
27
# Section 1A What was the risk of infection for the paid antivirus system?
40% risk of being infected
28
# Section 1A What was the risk rating for the system using UTM?
10% risk rating
29
# Section 1A What can be controlled to reduce overall risk?
Vulnerabilities
30
# Section 1A What is risk management?
A cyclical process of identifying, assessing, analyzing, and responding to risks.
31
# Section 1A What is PenTesting?
A key component in managing risk that involves testing an infrastructure’s defenses.
32
# Section 1A What is the first step in the CompTIA structured PenTesting process?
Planning and scoping
33
# Section 1A What is the purpose of the reconnaissance phase in PenTesting?
To gather as much information about the target as possible.
34
# Section 1A What does scanning achieve in the PenTesting process?
Identifies live hosts, listening ports, and running services.
35
# Section 1A What occurs during the gaining access phase?
The team attempts to gain access to the system and protected resources.
36
# Section 1A What is the goal during the maintaining access phase?
To maintain access undetected for as long as possible.
37
# Section 1A What does covering tracks involve?
Removing any evidence that the team was in the system.
38
# Section 1A What happens during the analysis step of PenTesting?
The team analyzes findings and derives a summary of their risk rating.
39
# Section 1A What is included in the reporting phase?
Delivering results and remediation suggestions to stakeholders.
40
# Section 1A True or False: The same main process used by PenTesters is also used by threat actors.
True
41
# Section 1A What is the main goal of a threat actor?
To alter the integrity of the system and/or cause harm.
42
# Section 1A The eight structured PenTest phases
Planning/Scoping, Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks, Analysis, Reporting
43
What is the formula for determining risk?
Risk = Threat × Vulnerability (R = T × V)
44
# 1A Planning and scoping is when ________
when the team meets with the stakeholders to outline a plan for the PenTest. Some of the information obtained includes the rules of engagement, budget, technical constraints along with the types of assessments, and selection of targets.
45
# 1A Reconnaissance focuses on _______
gathering as much information about the target as possible. This process includes searching information on the Internet, using Open Source Intelligence (OSINT), along with social networking sites and company websites.
46
# 1A Scanning is a critical phase as it provides ________
more information about available network resources. Scanning identifies live hosts, listening ports, and running services. In addition, the team uses enumeration to gather more detailed information on usernames, network shares, services, and DNS details.
47
Gaining access occurs after the team has ____. In this phase, the team will attempt to _________
after the team has gathered information on the network. In this phase, the team will attempt to gain access to the system, with the goal of seeing how deep into the network they can travel. Then once in, the team will attempt to access protected resources.
48
# 1A Maintaining access, once the team is in the system, the goal is to _____
maintain access undetected for as long as possible
49
# 1A Covering tracks removes any evidence that ________
the team was in the system, including executable files, rootkits, logs, and any user accounts that were used during the exercise.
50
# 1A Analysis occurs after _______
the team has completed the exercise, and will go through the results of all activities, analyze the findings, and derive a summary of their risk rating.
51
# 1A Reporting will ________
deliver the results and any remediation suggestions to the stakeholders, along with a realistic timeline of reducing risk and implementing corrective actions.
53
What does PCI DSS stand for?
Payment Card Industry Data Security Standard
54
What is the purpose of PCI DSS?
To outline exact requirements for safely handling credit card data.
55
What are some controls specified by PCI DSS?
Methods to minimize vulnerabilities, employ strong access control, and consistently test and monitor the infrastructure.
56
What do threat actors attempt to obtain?
Credit card information, such as account numbers and other elements necessary to impersonate the cardholder.
57
Where can PCI DSS documentation be found?
At https://www.pcisecuritystandards.org/pci_security/
58
What are the six categories within PCI DSS?
They describe specific goals and define requirements for securing cardholder data:
  • Build and maintain a secure network and systems
  • Protect cardholder (account) data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy
59
What is required to create and maintain a secure infrastructure?
Using dedicated appliances and software that monitor and prevent attacks.
60
What good practice strategies should organizations employ?
Changing vendor default passwords and training users not to open suspicious emails.
61
What must organizations continuously monitor for?
Vulnerabilities and employ appropriate anti-malware protection that is continuously updated.
62
What access control methods should be provided?
Using the principle of least privilege and routinely monitoring and testing networks.
63
What must organizations create and maintain?
Appropriate information security policies that define the rules of proper behavior.
64
What can happen if a merchant fails to comply with PCI DSS?
They can face substantial fines and lose the ability to handle credit card transactions.
65
What does PCI DSS compliance rely on?
A continuous process of assess, remediate, and report.
66
How can a company determine if they are PCI DSS compliant?
By completing an assessment and reporting the results.
67
Is PCI DSS a law?
No, it is not a law and there is no government oversight.
68
What defines whether a merchant must complete a self-assessment or have an external auditor?
The security level based on the number of transactions done on a yearly basis.
69
What are the four levels of merchants based on transaction volume?
Level 1: over 6 million transactions; Level 2: 1 to 6 million; Level 3: 20,000 to 1 million; Level 4: under 20,000.
70
What is required for Level 1 merchants to prove compliance?
An on-site assessment performed by an approved Qualified Security Assessor (QSA), which produces a Report on Compliance (RoC).
71
What must Levels 1 and 2 complete?
A Report on Compliance (RoC).
72
What can Levels 2–4 do to prove compliance?
They can either engage an external assessor or complete a Self-Assessment Questionnaire (SAQ) showing that they are taking active steps to secure the infrastructure.
73
What is one consumer data protection law whose reach extends beyond its home jurisdiction?
GDPR, the EU General Data Protection Regulation; it applies to any organization, wherever located, that processes the personal data of people in the EU, so it has a global reach.
74
# 1A Which PCI DSS security levels must perform a Report on Compliance (RoC)?
Levels 1 and 2
75
# 1A Which PCI DSS level must have an external auditor perform the assessment by an approved Qualified Security Assessor (QSA)?
Level 1
76
What is the purpose of a PenTesting exercise?
To discover system weaknesses and assess security measures ## Footnote A complete assessment can identify unnecessary services, effectiveness of social engineering techniques, exploitable vulnerabilities, and the status of antimalware signatures and operating system patches.
77
What organization provides a framework for testing during the software development process?
Open Web Application Security Project (OWASP) ## Footnote OWASP aims to increase awareness of web security and offers resources like the OWASP Testing Guide and the OWASP Top 10 list of web application risks. The project was renamed the Open Worldwide Application Security Project in 2023.
78
What is the OWASP Testing Guide (OTG)?
A resource outlining the testing process and the importance of assessing the whole organization ## Footnote It includes people, processes, and technology, particularly focusing on web applications. Current editions are published as the OWASP Web Security Testing Guide (WSTG).
79
What does NIST stand for?
National Institute of Standards and Technology ## Footnote NIST develops computer security standards and publishes cybersecurity best practice guides.
80
What is NIST SP 800-115?
Technical Guide to Information Security Testing and Assessment ## Footnote Published in 2008, it contains relevant information about PenTesting planning, techniques, and activities.
81
What is the OSSTMM?
Open Source Security Testing Methodology Manual ## Footnote OSSTMM, published by ISECOM, provides a structured approach to PenTesting and emphasizes auditing, validation, and verification.
82
What does OSSTMM v3 focus on?
It focuses on auditing, validation, and verification in PenTesting ## Footnote It also covers areas such as Human Security and Physical Security testing.
83
True or False: OSSTMM provides the tools needed for a complete PenTesting exercise.
False ## Footnote OSSTMM does not provide the tools but covers methodologies and areas for testing.
84
What is one resource provided by OSSTMM for security awareness?
Hacker Highschool ## Footnote It provides security awareness education for teens.
85
Fill in the blank: NIST has many resources for cybersecurity professionals, including the _______ series.
Special Publication (SP) 800 ## Footnote This series deals with cybersecurity policies, procedures, and guidelines.
86
# 1C What type of organizations does the Cybersecurity Playbook target?
Small to medium-sized organizations ## Footnote It outlines cybersecurity best practices tailored for these organizations.
87
# 1C Where can OSSTMM v3 be found?
https://www.isecom.org/OSSTMM.3.pdf ## Footnote Access to the latest version may require a paid membership to ISECOM.
88
# 1C NIST develops computer security standards used by _______
US federal agencies and publishes cybersecurity best practice guides and research.
89
# 1C This manual outlines every area of an organization that needs testing, as well as goes into details about how to conduct the relevant tests.
OSSTMM
90
What does ISSAF stand for?
Information Systems Security Assessment Framework ## Footnote ISSAF is an open-source resource for cybersecurity professionals.
91
How many documents are included in the ISSAF rar file?
14 documents ## Footnote These documents relate to PenTesting and include topics like business continuity and legal compliance.
92
In what year was ISSAF created?
2005 ## Footnote Despite being created in 2005, ISSAF contains valuable resources for PenTesting.
93
What is the main purpose of the Penetration Testing Execution Standard (PTES)?
To provide a best practice guide to PenTesting ## Footnote PTES was developed by business professionals focusing on the structure of a complete PenTest.
94
List three main sections included in the PTES.
  • Pre-engagement interactions
  • Threat modeling
  • Vulnerability analysis
## Footnote PTES has a total of seven main sections detailing the PenTesting process: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
95
Does PTES include technical guidelines?
No, it does not include technical guidelines ## Footnote However, PTES has a separate document that provides technical guidelines.
96
What type of organization is MITRE Corporation?
A U.S. based non-profit organization ## Footnote MITRE provides research, publications, and tools related to cybersecurity.
97
What is the ATT&CK framework?
Adversarial Tactics, Techniques & Common Knowledge ## Footnote ATT&CK is a knowledge base of adversary tactics and techniques drawn from real-world observations; PenTesters use it to plan engagements and map their activities to known attacker behaviour.
98
What is the purpose of the Initial Access category in the ATT&CK framework?
To list attack vectors a threat actor can use to gain access to a network ## Footnote Examples include Drive-by Compromise and Supply Chain Compromise.
99
What techniques are included in the Persistence category of the ATT&CK framework?
* Create account * Modify authentication process * Browser extensions ## Footnote These techniques describe how to remain in a system.
100
Fill in the blank: The Credential access category in the ATT&CK framework provides solutions such as _______.
Brute Force ## Footnote Credential Access lists techniques, not solutions; others in the category include Adversary-in-the-Middle (formerly named Man-in-the-Middle) and Forced Authentication.
101
True or False: MITRE is involved in providing key information on vulnerabilities and weaknesses within software.
True ## Footnote MITRE conducts research and shares insights on software vulnerabilities.
102
# 1C What does PTES stand for?
Penetration Testing Execution Standard
103
What is the purpose of identifying and mitigating vulnerabilities in a PenTest?
To ensure a structured approach to security testing
104
What system is used to rate the severity of vulnerabilities?
Common Vulnerability Scoring System (CVSS)
105
How is the CVSS score derived?
From a set of metrics grouped as Base (intrinsic characteristics such as attack vector, privileges required, and impact on confidentiality, integrity, and availability), Temporal (factors that change over time, such as exploit availability), and Environmental (the organization's own context). The Base score is the one most commonly quoted.
106
What does CVE stand for?
Common Vulnerabilities and Exposures
107
What type of information is cataloged in a CVE entry?
The CVE identifier, a description of the vulnerability, and references to advisories or other public sources.
108
What is the format for naming a CVE entry?
CVE-[YEAR]-[NUMBER], where YEAR is the year the ID was assigned or the vulnerability was made public and NUMBER is at least four digits (with no upper limit).
109
What is the National Vulnerability Database (NVD)?
A NIST-maintained database that enriches each CVE entry with a CVSS score, affected-product (CPE) data, and references.
110
What organization maintains the Common Weakness Enumeration (CWE)?
MITRE Corporation
111
What does the CWE database contain?
Categories of software and hardware weaknesses (flaw types, such as improper input validation), as opposed to CVE, which lists specific vulnerabilities in specific products.
112
What can you find on the Software Development page of the CWE?
A list of common software issues
113
True or False: Vulnerability scores remain constant over time.
False
114
Fill in the blank: The CVE is a listing of all publicly disclosed _______.
vulnerabilities
115
What happens when you click on a CVE name in the database?
It links to the record in the National Vulnerability Database (NVD)
116
What type of issues can be found under the Data Validation Issues category in CWE?
Common software weaknesses
117
What is the significance of the metrics used in CVSS?
They help in prioritizing vulnerabilities
118
What is a key requirement for each member of a PenTesting team?
Provide credentials that prove they have the appropriate skills to conduct PenTesting ## Footnote Examples of credentials include certifications relevant to PenTesting.
119
What types of background checks should be produced by PenTesting team members?
Recent background checks that can include credit scores and driving records ## Footnote Ensuring no one has a criminal record or felony conviction is crucial.
120
Does having a Top Secret clearance from the military exempt a team member from providing recent background information?
No ## Footnote Recent information is still required to reassure the client.
121
What is the purpose of a penetration test?
A simulated attack where systems face scrutiny similar to a real attack by a threat actor.
122
Why is it advantageous to think like a criminal during PenTesting?
It helps to identify vulnerabilities and improve security measures.
123
What must be done if a PenTesting team member inadvertently scans the wrong network?
This action must be immediately reported to the team leader ## Footnote There could be legal ramifications for such actions.
124
What is an important consideration regarding information obtained during the PenTest process?
Ensure privacy of any information obtained.
125
What is the primary responsibility of the PenTest team regarding sensitive information?
To conform to the policy on handling proprietary and sensitive information. ## Footnote This includes agreeing to protect any discovered vulnerabilities and confidential information.
126
What should a team member do if they find a major vulnerability in a public-facing website?
Keep this information confidential to minimize risk. ## Footnote This may involve informing only privileged personnel, such as IT managers.
127
Who should be informed of vulnerabilities found during a PenTest?
Only privileged personnel, such as IT managers. ## Footnote Standard employees should not be informed of these issues.
128
What should be stated during the planning meeting of a PenTest?
The testers will protect information discovered during testing and not disclose confidential information to other parties. ## Footnote This clarification is essential to maintain confidentiality.
129
What type of documentation might the PenTest team need to supply regarding confidentiality?
Legal documentation that includes confidentiality provisions. ## Footnote This is necessary to formalize the confidentiality agreements.
130
How should PenTest reports be protected due to their sensitive nature?
Encrypted and password protected in storage, encrypted in transit when shared, and restricted to the agreed recipients. ## Footnote This ensures that only authorized personnel can access the reports.
131
True or False: The PenTest team must be aware of legal issues that might impact the testing process.
True ## Footnote Legal implications can affect how testing is conducted and reported.
132
What is the purpose of Formalized PenTesting?
To assess the cyberhealth and resiliency of an organization ## Footnote This involves evaluating security measures and identifying vulnerabilities.
133
What should the team outline before beginning any PenTesting?
The terms of the contract and legal considerations ## Footnote This includes understanding the scope and methods of testing.
134
What risks might the professional team face during PenTesting?
Performing an illegal activity inadvertently ## Footnote This can lead to serious legal consequences.
135
What can happen if a team member is found guilty of illegal acts during PenTesting?
They can face serious consequences, including fees and criminal charges ## Footnote Legal repercussions can vary based on jurisdiction.
136
What is a key step before conducting active testing?
Gathering with stakeholders to outline the terms of the PenTesting process ## Footnote This ensures mutual understanding and agreement.
137
Why is it important for the team to consider the scope and methods of testing?
To avoid legal violations and ensure clarity in execution ## Footnote Misunderstandings can lead to unintended illegal actions.
138
What should the team use to think through all testing scenarios?
A tabletop exercise ## Footnote This helps identify potential conflicts and issues.
139
What question should the team ask if they are breaking into a facility?
Who will notify the authorities and/or security personnel? ## Footnote This is crucial for legal compliance and safety.
140
What should the organization define when discussing security circumvention methods?
The term 'various means' ## Footnote Clear definitions help prevent misunderstandings.
141
What legal consequences can arise from PenTesting even with customer consent?
Inadvertent violation of local, state, or regional laws ## Footnote This can lead to criminal charges and fines.
142
What should the team do to prepare for possible legal ramifications?
Question stakeholders and research applicable regulations ## Footnote This ensures informed decision-making and compliance.
143
What is the primary purpose of defining the project scope in a PenTesting exercise?
To specify what is included or excluded during the testing process. ## Footnote Proper scoping helps all stakeholders understand expectations and provides a clearer completion timeline.
144
What is the role of the requirements analysis process in PenTesting?
To determine specific environments to be considered for testing. ## Footnote Identifying targets helps better define the scope and type of attacks.
145
What are common components included in PenTesting?
Testing networks, cloud services, and/or applications. ## Footnote This is often in response to regulatory or industry requirements.
146
Why is it important to assess both wired and wireless networks in PenTesting?
Because networks are complex and both LAN and WLAN need to be tested for security. ## Footnote Discussions with stakeholders help determine the approach for both types of networks.
147
What should the team consider when evaluating web applications?
Vulnerabilities that can lead to data compromise. ## Footnote Many web applications and components have inherent security issues.
148
What guidelines should be defined before testing web applications?
Client must provide a percentage or discrete value of web pages or forms for user interaction. ## Footnote Obtaining various roles and permissions is also important for testing.
149
What are some vulnerabilities found in mobile applications?
Insecure communications, weak cryptography, and sensitive data storage. ## Footnote Mobile apps represent an additional attack vector.
150
What factors should be gathered when testing mobile applications?
Information on which applications to test, platform specifications, and specific scenarios. ## Footnote This helps define the scope for mobile app testing.
151
What is the significance of cloud resources in the context of PenTesting?
They introduce vulnerabilities that need to be assessed for security strength. ## Footnote Companies often seek professional PenTesters for this purpose.
152
What permissions are necessary before testing in the cloud?
Proper permissions from the provider and understanding of allowed testing types. ## Footnote Testing may include virtual machines and application programming interfaces (APIs).
153
What must the team understand about cloud usage before conducting a PenTest?
What is hosted and how the cloud is used to identify points of weakness. ## Footnote Some testing may be off-limits even with permission.
154
What is required alongside defining the project scope?
Outlining specific assets that are in scope for testing. ## Footnote This ensures clarity on what will be assessed.
155
Network scope restricted to a single geographic location and owned/managed by a single organization.
Local Area Network (LAN)
156
A network using wireless radio communications based on some variant of the 802.11 standard series.
Wireless Local Area Network (WLAN)
157
Cloud service model that provisions fully developed application services to users.
SaaS (Software as a Service)
158
Cloud service model that provisions virtual machines and network infrastructure.
IaaS (Infrastructure as a Service)
159
Cloud service model that provisions application and database services as a platform for development of apps.
PaaS (Platform as a Service)
160
A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.
API
173
Character string that identifies a particular wireless LAN (WLAN).
SSID (Service Set Identifier)
174
What command can be used on Linux to enumerate all SSIDs and BSSIDs in range?
iwlist scan ## Footnote This command lists nearby networks with their SSIDs and BSSIDs (the access point MAC addresses). iwlist belongs to the older wireless-tools package; on current distributions the equivalent is iw dev <interface> scan, where <interface> is the name of your wireless adapter.
175
What command can be used on Windows to show available wireless networks?
netsh wlan show networks ## Footnote This command lists the SSIDs and their details; add mode=bssid (netsh wlan show networks mode=bssid) to include each BSSID, channel, and signal strength.
176
What tool can be used to enumerate SSIDs and BSSIDs in range on various platforms?
airodump-ng ## Footnote Airodump-ng is part of the aircrack-ng suite, used for capturing packets and displaying network information.
177
What is a Rogue AP?
An unauthorized access point operating in or attached to an organization's environment, whether installed by an employee for convenience or planted by an attacker. ## Footnote A rogue AP that impersonates a legitimate network is an evil twin and can be used in man-in-the-middle attacks.
178
What is an Evil Twin attack?
An attack where an attacker creates an AP broadcasting the same SSID as a legitimate network. ## Footnote This method can deceive users into connecting to the attacker's network.
179
True or False: An Evil Twin attack can use the hostapd tool.
True ## Footnote Hostapd is commonly used to create rogue access points.
180
Fill in the blank: An attacker can use _______ to create an Evil Twin access point.
hostapd ## Footnote Hostapd allows for the configuration of wireless access points.
181
What is the purpose of using tools like iwlist scan and netsh wlan?
To enumerate all SSIDs and BSSIDs in range ## Footnote These tools help in network mapping for security assessments.
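The wireless cards above list the tools for enumerating SSIDs and BSSIDs and describe the evil twin attack; what a tester then needs is a way to spot an evil twin in the capture. The Python below is an added example (not part of the original deck) that parses the access-point section of an airodump-ng CSV export and flags any AP that advertises a client-owned SSID from a BSSID the client does not own, noting when its security mode also differs. The CSV text, MAC addresses, SSIDs and the AUTHORIZED inventory are constructed for this example; the column layout follows airodump-ng's CSV format as assumed here.

```python
import csv
import io
from collections import defaultdict

# Constructed capture in the layout of airodump-ng's CSV export (access-point section,
# followed by the start of the client section). MAC addresses, names and timestamps
# are made up for this example.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   8, CorpWifi,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,   98,  0,   0.  0.  0.  0,   8, CorpWifi,
DE:AD:BE:EF:00:01, 2024-01-01 10:02:00, 2024-01-01 10:05:00,  6,  54, OPN ,     ,    , -30,  300,  0,   0.  0.  0.  0,   8, CorpWifi,
11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -70,   40,  0,   0.  0.  0.  0,   5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""


def parse_airodump_aps(csv_text):
    """Return the access points from an airodump-ng CSV as dicts with
    bssid, channel, privacy and essid."""
    aps = []
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        if not row or not row[0].strip():
            continue                       # blank separator line
        first = row[0].strip()
        if first == "BSSID":
            continue                       # AP section header
        if first.startswith("Station MAC"):
            break                          # client section begins: not needed here
        if len(row) < 14:
            continue                       # truncated or malformed line
        aps.append({
            "bssid": first.upper(),
            "channel": int(row[3].strip()),
            "privacy": row[5].strip(),
            "essid": row[13].strip(),
        })
    return aps


def find_evil_twins(aps, authorized):
    """authorized maps each in-scope ESSID to the set of BSSIDs the client owns
    (obtained during scoping). Any other AP advertising one of those ESSIDs is a
    candidate evil twin; a differing security mode (e.g. open instead of WPA2)
    strengthens the finding because auto-joining clients would be downgraded."""
    by_essid = defaultdict(list)
    for ap in aps:
        by_essid[ap["essid"]].append(ap)

    findings = []
    for essid, bssids in authorized.items():
        known = {b.upper() for b in bssids}
        seen = by_essid.get(essid, [])
        known_modes = {ap["privacy"] for ap in seen if ap["bssid"] in known}
        for ap in seen:
            if ap["bssid"] in known:
                continue
            reasons = ["BSSID not in the authorized list"]
            if known_modes and ap["privacy"] not in known_modes:
                reasons.append(f"security mode {ap['privacy']} differs from legitimate {sorted(known_modes)}")
            findings.append({"essid": essid, "bssid": ap["bssid"],
                             "channel": ap["channel"], "reasons": reasons})
    return findings


# Assumed inventory from the scoping meeting (constructed for this example).
AUTHORIZED = {"CorpWifi": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}}

if __name__ == "__main__":
    for f in find_evil_twins(parse_airodump_aps(SAMPLE_CSV), AUTHORIZED):
        print(f"{f['essid']!r} on channel {f['channel']} from {f['bssid']}: " + "; ".join(f["reasons"]))
```

The check only examines SSIDs the client has told you about: an unknown SSID such as the Guest network in the sample is outside the authorized map and is left alone, which keeps the finding list tied to the assets agreed during scoping.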
182
What is the purpose of defining in-scope assets in a PenTest?
To allow testers to focus on specific assets within a limited time frame ## Footnote Clearly defined in-scope assets help streamline the testing process and ensure relevant security issues are addressed.
183
List examples of in-scope assets that may be included in a PenTest.
* Internet Protocol (IP) addresses * Domain and/or subdomains * Application programming interfaces (APIs) * Users * Service Set Identifiers (SSID) * Physical locations ## Footnote Each type of asset presents unique vulnerabilities and testing challenges.
184
What are the two types of physical locations considered as in-scope assets?
* On-site * Off-site ## Footnote On-site locations are where attacks are carried out, while off-site locations include remote offices and satellite locations.
185
Define on-site assets.
Assets that are physically located where an attack is being carried out ## Footnote On-site testing may involve compromising physical barriers to access systems.
186
Define off-site assets.
Assets that provide a service for a company but are not located at the same place ## Footnote Off-site locations may have fewer security controls, making them softer targets.
187
What are external assets?
Assets visible on the Internet, such as websites, web applications, emails, or DNS servers ## Footnote External assets are not suitable for attacks requiring direct access to the network segment.
188
What are internal assets?
Assets that can be accessed from within the organization ## Footnote Internal assets are prime targets for attacks by insiders or external hackers with credentials.
189
Differentiate between first-party and third-party hosted assets.
* First-party hosted: Assets hosted by the client organization * Third-party hosted: Assets hosted by a vendor or partner ## Footnote First-party assets may be easier to attack due to less stringent security compared to third-party services.
190
True or False: Third-party hosted assets are always more secure than first-party hosted assets.
False ## Footnote While third-party providers often have more stringent controls, smaller providers may have less security expertise, making them potentially easier targets.
191
What must the testing team review with stakeholders after identifying the scope and assets?
Any restrictions that will influence their testing ## Footnote Understanding these restrictions is crucial for effective and compliant testing.
192
Fill in the blank: An asset that is physically located where an attack is being carried out is known as _______.
on-site ## Footnote On-site testing can reveal vulnerabilities in physical security.
193
Fill in the blank: An asset that provides a service for a company but is not located at the same place is known as _______.
off-site ## Footnote Off-site assets can be less secure and more vulnerable to attacks.
194
An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware. This includes assets that are hosted by a vendor or partner of the client organization, such as cloud-based hosting.
APT
195
What should stakeholders do before testing begins?
Spell out all requirements and agree on the terms ## Footnote This ensures clarity and mutual understanding before the testing process starts.
196
Why is it important to keep communication open with stakeholders?
To clarify any issues and remove ambiguity regarding testing methods ## Footnote Open communication helps prevent misunderstandings during the PenTest.
197
What is a timeline in the context of PenTesting?
A series of events that transpire within a discrete period of time ## Footnote It outlines the specific parameters and estimated time needed to complete testing.
198
What is one benefit of conducting testing during normal business hours?
It helps assess the organization’s reaction to attacks ## Footnote This can provide insights into the effectiveness of the organization's security measures.
199
What is an example of a timeline restriction for testing?
Testing for 515web.net will be conducted from 8:00 A.M. to 6:00 P.M. U.S. Eastern Time, Monday through Friday ## Footnote This defines the specific hours during which testing can occur.
200
What is expected of professional PenTesters regarding time management?
To conduct tests in a quick and efficient way ## Footnote Good time management increases the team's productivity and efficiency.
201
What is the goal of a PenTesting team in relation to clients?
To build a long-lasting relationship with the client ## Footnote Professional conduct and effective communication are key to achieving this goal.
202
What should the team focus on during PenTesting?
Focus on the task at hand, avoid distractions, adhere to the timeline ## Footnote These practices help ensure efficient and effective testing.
203
What are allowable tests in PenTesting?
Tests that define exactly what's being tested and what is not ## Footnote This includes acceptable actions like social engineering and physical PenTesting.
204
What does adhering to the scope mean in PenTesting?
Following legal documents that define what locations, systems, applications, or targets are included or excluded ## Footnote This is crucial for legal and ethical compliance during testing.
205
What might be a technical restriction during PenTesting?
Legacy systems that have issues with automated scanning ## Footnote Such restrictions can impact the effectiveness of the testing process.
206
What is one way to limit invasiveness based on scope?
Define acceptable actions, such as social engineering and physical security tasks ## Footnote This helps manage the impact of testing on sensitive systems.
207
What is the significance of defining acceptable tools for a PenTest?
To ensure that only approved tools are used during the engagement ## Footnote This may be mandated by a governing body or specific organizational policies.
208
What should the team do if they need to use additional tools for testing?
Submit a rationale for using the tool, along with a request for approval ## Footnote Approval must be granted before using any non-approved tool on the production network.
209
What should stakeholders do if they identify a prohibited system during testing?
Notify the team and request a change to the terms of the contract ## Footnote This helps maintain compliance and adjust testing parameters accordingly.
210
What is a key component of the strategy for conducting a PenTest?
The rationale for the test and whether to operate in a known or unknown environment ## Footnote This helps establish the framework for the testing approach.
211
What is the purpose of gathering information from stakeholders during a PenTest?
To learn more about their needs and the objectives of the PenTest ## Footnote Understanding stakeholder requirements is crucial for tailoring the PenTest to organizational needs.
212
What are the common types of PenTesting assessments?
* Compliance-based assessments * Red team/blue team-based assessments * Goals-based/objectives-based assessments ## Footnote Each type serves a different purpose in assessing security.
213
What is the focus of compliance-based assessments?
Fulfilling the requirements of specific laws or standards, such as GDPR, HIPAA, or PCI DSS ## Footnote These assessments ensure organizations meet regulatory standards.
214
In red team/blue team-based assessments, what do the teams represent?
* Red Team: Hostile or attacking team * Blue Team: Defensive team ## Footnote This method tests the effectiveness of security measures and response strategies.
215
What is the goal of goals-based/objectives-based assessments?
To test a system for security issues prior to implementation for a specific purpose ## Footnote Example: Testing a new point of sale (PoS) system before it goes live.
216
What is unknown environment testing in PenTesting?
When the PenTesting team has no information before testing, mimicking actual threat actors ## Footnote This type of testing involves scanning for network resources and identifying vulnerabilities.
217
What does partially known environment testing involve?
Testing web applications with some given information, focusing on system defects or improper usage ## Footnote This approach is often used after software defects have been repaired.
218
Describe known environment testing in PenTesting.
The PenTesting team is given all details of the network and applications, focusing on user perspective ## Footnote This allows for a thorough examination of security from an informed standpoint.
219
What is the significance of defining the rules of engagement in a PenTest?
It sets the tone for the entire assessment and ensures clarity in objectives and processes ## Footnote Properly defined rules help reduce risk and strengthen security posture.
220
What is the next step after outlining the specifics of a PenTest?
Confirming the details of the scope of the engagement ## Footnote This step ensures that all parties are aligned on expectations and boundaries.
221
What is the first step after gathering the particulars of the PenTest?
Review and confirm all requirements, scope, and details of the engagement.
222
What should the team reconfirm regarding system backups?
Whether they have appropriate system backups and recovery procedures.
223
Who should the team notify if they identify a high-risk vulnerability?
The designated individual or team as confirmed with the client.
224
What should the team do if there are vague areas in the engagement?
Question the client to eliminate confusion.
225
What are some elements to review during the scope validation?
* Scope and in-scope assets * What is excluded * Strategy: unknown, partially known, or known environment testing * Timeline to complete testing and any constraints * Any restrictions or applicable laws * Third-party providers, services, or off-site locations * Communication and updates
226
What is the importance of having team members and stakeholders complete an independent read-through?
To ensure everything discussed is covered and clearly defined.
227
Why is it important to stress the validity of the PenTest?
Because it is valid only at the point in time it is conducted.
228
How can the chosen scope and methodology impact the PenTest?
They can impact the comprehensiveness of the test.
229
True or False: Validating the scope of the engagement is optional before beginning the assessment.
False
230
Fill in the blank: Validating the scope of the engagement minimizes the need to adjust the _______ after testing has begun.
contract
231
What is PenTesting?
PenTesting simulates the approach of an unauthorized hacker attacking a system to assess security.
232
What is the first step an organization must take before a PenTest?
Obtain formal permission to attack.
233
True or False: Serious system damage is common during PenTesting.
False
234
What precautionary efforts does the PenTest team take?
Protect the systems and minimize damage.
235
What should be signed by everyone involved in the PenTest?
A written agreement to act within stated requirements.
236
What information is typically included in the final documentation for PenTesting?
* Names of authorized entities or individuals * Specific networks, hosts, and applications included * Validity period of authorization * Proper data handling techniques * Reporting guidelines and chain of command * Guidelines for terminating testing
237
What is a Master Service Agreement (MSA)?
A contract that establishes precedence and guidelines for business documents between two parties.
238
What elements should be included in a Master Service Agreement?
* Project scope * Compensation specifics * Requirements for permits, licensing, or certifications * Safety guidelines and environmental concerns * Insurances such as general and liability
239
What is the purpose of a Statement of Work (SOW)?
Defines expectations for a specific business arrangement, including deliverables and responsibilities.
240
Fill in the blank: A service-level agreement (SLA) outlines the detailed terms under which a _______ is provided.
[service]
241
What does an SLA define?
The level of service expected by a customer from a supplier and the metrics for measurement.
242
What must be included in the final documentation for a PenTest?
* Terms under which service is provided * Disclaimers related to the PenTest * Proper signing authority statement * Legal review of the authorization document
243
What is the significance of written authorization in a PenTesting engagement?
Helps control the amount of liability incurred by the PenTester.
244
True or False: A Statement of Work can be used to charge for out-of-scope requests.
True
245
What should parties do before signing the Master Service Agreement?
Carefully read the MSA to ensure no conflicts with other contracts.
246
What can a Master Service Agreement cover?
* Recurring costs * Unforeseen additional charges
247
What is a key component to check in an SLA?
Penalties if agreed-on service levels are not achieved.
248
A contract that establishes precedence and guidelines for any business documents that are executed between two parties. It can be used to cover recurring costs and any unforeseen additional charges that may occur during a project without the need for an additional contract.
MSA (Master Service Agreement) ## Footnote Some of the elements should include details on the following: * Project scope and a definition of the work that is to be completed * Compensation specifics that include invoicing and any reports required when submitted * Requirements for any permits, licensing, or certifications * Safety guidelines and environmental concerns * Insurances such as general and liability. Prior to signing, all parties should carefully read the MSA to ensure that the agreement does not conflict with any other contracts or insurance policies. In addition, the MSA must be modifiable, as necessary changes may occur in the future.
249
Once you have an MSA to solidify the legal terms between the parties, you can then create one or more
Statement of Work (SOW) to outline project-specific services and payment terms.
250
The ____________ is a document that defines the expectations for a specific business arrangement. It typically includes a list of deliverables, responsibilities of both parties, payment milestones, schedules, and other terms. For anyone collaborating with or contracted to work on a project, the SOW ________ provides the details on the work that the client has agreed to pay for. As a result, it has a direct impact on team activities. It also can be used by the PenTest team to charge for out-of-scope requests and additional client-incurred costs.
SOW (Statement of Work)
251
____ is a contract that outlines the detailed terms under which a service is provided, including reasons the contract may be terminated.
SLA (Service Level Agreement)