Penetration Testing and Ethical Hacking Quiz

Penetration Testing

• A penetration test (pen test or ethical hacking) is a simulated cyber attack against a computer system, network, or web application to assess its security vulnerabilities.
• The main purpose of a penetration test is to identify vulnerabilities and weaknesses, so they can be fixed before a malicious attacker can exploit them.

Types of Penetration Tests

• A white box penetration test is a type of test where the tester has complete knowledge of the system, including network diagrams, source code, and access to the system's internal workings.
• A gray box penetration test is a combination of black box and white box testing, where the tester has limited knowledge of the system, but more than a black box tester.
• A black box penetration test is a type of test where the tester has no knowledge of the system, similar to a real-world hacker.

Goals and Objectives

• The main goals of a penetration test include identifying vulnerabilities, determining the feasibility of a particular set of attack vectors, and identifying the severity of the impact of a successful attack.
• A penetration test is NOT designed to exploit or fix vulnerabilities, but rather to identify and report on them.

Terms and Concepts

• A combination of white box and black box penetration tests is referred to as a gray box penetration test.
• The colloquial term for a penetration test is ethical hacking.
• Reviewing available information is an essential step in a penetration test, as it helps to gather clues and identify potential entry points for an attack.

Comparison to Vulnerability Assessments

• A penetration test is different from a vulnerability assessment in that a penetration test actively attempts to exploit vulnerabilities, while a vulnerability assessment merely identifies them.