Ethical Hacking and Penetration Testing

Questions and Answers

An ethical hacker's primary goal is to:

  • Use any means necessary, regardless of legality, to penetrate a system.
  • Develop new hacking tools for public use.
  • Exploit vulnerabilities for personal financial gain.
  • Mimic a malicious attacker to proactively identify security weaknesses. (correct)

Which threat actor is MOST likely to utilize zero-day exploits and advanced persistent threat (APT) techniques?

  • Organized crime syndicate focused on ransomware attacks for immediate profit.
  • State-sponsored attacker aiming to steal intellectual property or disrupt critical infrastructure. (correct)
  • A hacktivist group seeking to deface a government website.
  • Disgruntled employee attempting to escalate privileges on a local server.

A group claims responsibility for leaking sensitive corporate emails in response to a company's controversial environmental policy. This is MOST characteristic of:

  • Organized crime.
  • An insider threat.
  • Hacktivism. (correct)
  • State-sponsored espionage.

Which of the following BEST exemplifies a state-sponsored cyberattack?

  • A foreign government systematically stealing trade secrets from a rival nation's tech companies. (B)

An employee uses their authorized access to a company database to steal customer information and sell it on the dark web. This scenario BEST describes:

  • An insider threat. (B)

An application-based penetration test is designed to identify:

  • Weaknesses in the logic and design of software. (C)

When performing a network infrastructure penetration test, which two assets are MOST critical to evaluate?

  • Web servers and IPSs (A), AAA servers and Web servers (D)

During an application-based penetration test focusing on a web application, what is the PRIMARY reason to also assess access controls to back-end databases?

  • To ensure that the web application is properly authenticating and authorizing database access. (D)

What is the PRIMARY motivation for companies to implement bug bounty programs?

  • To incentivize the proactive discovery and reporting of vulnerabilities by external security researchers. (D)

In a partially known environment penetration test, which of the following is MOST likely?

  • The penetration tester receives limited information, such as domain names and IP addresses. (A)

What is the defining characteristic of a known environment penetration test?

  • The penetration tester is provided with detailed information, such as network diagrams, IP addresses, and even user credentials. (C)

A penetration test where the tester receives only domain names and IP addresses of the target organization is BEST described as:

  • An unknown-environment test. (A)

Match the penetration testing methodology to the description:

  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • OWASP WSTG
  • OSSTMM

Provides information about types of attacks and methods

  • MITRE ATT&CK (A)

Match the penetration testing methodology to the description:

  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • OWASP WSTG
  • OSSTMM

Covers the high-level phases of web application security testing

  • OWASP WSTG (B)

Match the penetration testing methodology to the description:

  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • OWASP WSTG
  • OSSTMM

Lays out repeatable and consistent security testing

  • PTES (B)

Match the penetration testing methodology to the description:

  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • OWASP WSTG
  • OSSTMM

Collection of different matrices of tactics and techniques that adversaries use while preparing for an attack

  • MITRE ATT&CK (D)

Match the penetration testing methodology to the description:

  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • OWASP WSTG
  • OSSTMM

Provides organizations with guidelines on planning and conducting information security testing

  • NIST SP 800-115 (A)

Which THREE of the following are phases within the Penetration Testing Execution Standard (PTES)?

  • Enumerating Further (A), Network Mapping (B), Exploitation (D)

Which TWO options represent distinct phases within the Information Systems Security Assessment Framework (ISSAF)?

  • Pre-engagement Interactions (A), Reporting (B)

Which TWO selections accurately reflect phases encompassed by the Open Source Security Testing Methodology Manual (OSSTMM)?

  • Vulnerability Analysis (C), Trust Analysis (D)

Which penetration testing methodology serves as a comprehensive guide specifically tailored for web application testing?

  • OWASP WSTG (B)

Which Kali Linux alternative is geared towards penetration testing and digital forensics?

  • BlackArch (C)

Which URL provides an environment convenient for learning about pen testing methodologies?

  • parrotsec.org (D)

Why is 'Health Monitoring' a crucial requirement when setting up a penetration testing lab environment?

  • To confirm that resource limitations are not skewing test results. (D)

During a network infrastructure penetration test, what type of tool would be MOST helpful?

  • A tool for bypassing firewalls and intrusion prevention systems. (C)

What is the MOST suitable type of tool for performing an application-based penetration test?

  • An interception proxy to analyze and manipulate web application requests. (B)

Which category of tools is MOST crucial when conducting a wireless infrastructure penetration test?

  • Tools for de-authorizing network devices. (A)

What kind of tools are MOST effective for evaluating the security of server and client platforms?

  • Vulnerability scanning tools to identify known weaknesses. (D)

In scenarios where a system CANNOT be virtualized for penetration testing, what represents the MOST prudent course of action?

  • Performing a full system backup before commencing any tests. (D)

Flashcards

Ethical Hacker

An ethical hacker mimics an attacker to evaluate a network's security, identifying vulnerabilities.

State-Sponsored Attacker

A state-sponsored attacker is a well-funded and motivated group using advanced techniques for financial gain.

Hacktivist

A hacktivist uses cybercrime to steal and publicly reveal sensitive data to embarrass a target.

State-Sponsored Attack

A well-funded and motivated group uses the latest attack techniques for financial gain to disrupt or steal information from other nations.

Insider Threat

An insider threat is an attack perpetrated by disgruntled employees within an organization.

Application Pen Test Focus

Application-based penetration tests evaluate logic flaws within an application.

Network Pen Test

Network infrastructure penetration tests evaluate web servers and IPSs.

Application Pen Test Scope

Application-based penetration testing should include testing access to back-end databases.

Bug Bounty Programs

Bug bounty programs reward security professionals for finding vulnerabilities in a company's systems.

Partially Known Environment Test

A partially known environment penetration test is a hybrid approach between unknown and known tests.

Known Environment Pen Test

A known environment penetration test provides the tester with network diagrams, IPs, configurations, and user credentials.

Unknown-Environment Test

An unknown environment penetration test provides the tester with limited information such as domain names and IP addresses.

MITRE ATT&CK

MITRE ATT&CK provides information about types of attacks and methods.

NIST SP 800-115

NIST SP 800-115 provides organizations with guidelines on planning and conducting information security testing.

PTES Methodology

PTES lays out repeatable and consistent security testing phases.

OWASP WSTG

OWASP WSTG covers the high-level phases of web application security testing.

OSSTMM

OSSTMM provides a collection of different matrices of tactics and techniques that adversaries use while preparing for an attack.

PTES Phases

Reporting, Exploitation, and Enumerating Further are phases of PTES (Penetration Testing Execution Standard).

ISSAF Phases

Pre-engagement interactions, Maintaining access, and Vulnerability identification are phases in ISSAF (Information Systems Security Assessment Framework).

OSSTMM Phases

Vulnerability Analysis and Trust Analysis are phases in the Open Source Security Testing Methodology Manual (OSSTMM).

OWASP Focus

OWASP WSTG is a comprehensive guide focused on web application testing.

BlackArch Linux

BlackArch is a Linux distribution that includes penetration testing tools and resources.

ParrotSec OS

parrotsec.org is the URL of a Linux distribution that provides a convenient environment for learning about pen testing tools and methodologies.

Health Monitoring in Pen Testing

"Health Monitoring" checks resource usage to avoid false results during pen tests.

Network Pen Test Tools

Tools for bypassing firewalls and IPSs are useful when performing a network infrastructure penetration test.

Application Pen Test Tools

Cracking wireless encryption is useful to perform an application-based penetration test.

Wireless Pen Test Tools

De-authorizing network devices can be used to perform a wireless infrastructure penetration test.

System Testing Tools

If health monitoring indicates resource problems, the tester needs to be sure that a lack of resources is not the cause of false results.

Non-virtualized System Action

Perform a full backup of the system before testing.

Study Notes

  • Ethical hackers mimic attackers to evaluate a network's security posture.
  • State-sponsored attackers are well-funded, motivated groups using the latest techniques for financial gain.
  • Hacktivists use cybercrime to steal and publicly reveal sensitive data to embarrass a target.

Threat Actors

  • State-sponsored attack: Carried out by governments to disrupt or steal information from other nations.
  • Insider threat: An attack from within an organization, often by disgruntled employees.

Penetration Testing Types

  • Application-based penetration tests evaluate logic flaws.
  • Network infrastructure penetration tests evaluate web servers and IPSs.
  • Application-based penetration tests on web applications should also include testing access to back-end databases.

Penetration Testing Environments

  • Partially known environment penetration test: A hybrid approach between unknown and known environment tests.
  • Known environment penetration test: The tester can be provided with network diagrams, IP addresses, configurations, and user credentials.
  • Unknown-environment penetration test: Provides the tester with limited information such as domain names in the scope.

Bug Bounty Programs

  • Bug bounty programs reward security professionals for finding vulnerabilities in a company's systems.

Penetration Testing Methodologies

  • MITRE ATT&CK: A collection of matrices of tactics and techniques that adversaries use while preparing for an attack; it provides information about types of attacks and methods.
  • NIST SP 800-115: Provides organizations with guidelines on planning and conducting information security testing.
  • PTES: Lays out repeatable and consistent security testing.
    • Reporting, Enumerating Further, and Exploitation are phases in the Penetration Testing Execution Standard (PTES).
  • OWASP WSTG: Covers the high-level phases of web application security testing and is a comprehensive guide focused on web application testing.
  • OSSTMM: Phases include Work Flow and Trust Analysis.

Pen Testing Tools and Resources

  • BlackArch is a Linux distribution with penetration testing tools and resources.
  • parrotsec.org is the URL of a Linux distribution that provides an environment for learning pen testing.
  • During penetration test lab setup, "Health Monitoring" ensures resource availability to prevent false results.
  • Tools for bypassing firewalls and IPSs are useful when performing a network infrastructure penetration test.
  • Application-based penetration tests should use tools for cracking wireless encryption.
  • Wireless infrastructure penetration tests should use tools for de-authorizing network devices.
  • Server and client platform testing should use vulnerability scanning tools.
  • If a system cannot be tested in a virtualized environment, perform a full backup of the system.
