Penetration Testing Overview

Questions and Answers

What must be included in the report generated after a penetration test?

• A detailed account of every action taken during the test
• An executive summary for a less technical audience (correct)
• A list of all software agents installed during the test
• A proposal for future penetration tests

What is the goal of the cleanup phase in a penetration test?

• To ensure that no traces of the pen test are left on the systems (correct)
• To present findings to stakeholders in a formal meeting
• To develop a new security protocol for the organization
• To improve system performance by optimizing configurations

Which of the following phases is NOT part of performing a penetration test?

• Penetration
• Reconnaissance
• Exploitation (correct)
• Post-Test Review

What should happen to any credentials that were changed during a penetration test?

They should be restored to their original state (B)

What type of audience is the executive summary of the penetration test report intended for?

Less technical stakeholders and management (A)

What is the primary purpose of a penetration test?

To exploit vulnerabilities in order to uncover new risks (B)

What is a significant risk associated with poor planning in penetration testing?

Expansion beyond the defined limitations of the test (C)

Who should typically perform a penetration test?

Third-party security professionals (D)

What is a key component of the rules of engagement for penetration testing?

The specific targets and limitations of the test (B)

What does vulnerability scanning aim to achieve?

To identify and classify potential security weaknesses (A)

Why is the planning phase crucial for successful penetration testing?

It sets the boundaries and objectives of the test (D)

What could be a consequence of failing to adhere to planning protocols in a penetration test?

Legal complications due to unauthorized access (C)

What is often considered the most important step in penetration testing?

Planning the penetration test thoroughly (D)

What is the primary purpose of a credentialed vulnerability scan?

To provide valid authentication information to the scanner (D)

Which of the following best describes a nonintrusive scan?

Records vulnerabilities without any exploitation attempts (C)

When prioritizing vulnerabilities, which factor is NOT considered?

The appearance of the vulnerability in the scan report (A)

What type of scan would likely give the most comprehensive view of vulnerabilities?

Credentialed intrusive scan (C)

Which of the following is an example of a question to help prioritize vulnerabilities?

Can the vulnerability be resolved within a specific timeframe? (D)

What does vulnerability scanning software primarily compare against?

A set of known vulnerabilities (D)

What defines an intrusive scan's approach to vulnerabilities?

It directly attempts to exploit vulnerabilities found (D)

In vulnerability assessment, which aspect should be evaluated alongside the accuracy of the vulnerability findings?

The importance of the vulnerabilities (C)

What must a pen tester determine when a vulnerability is discovered?

How to pivot to another system (B)

Which of the following statements best describes the mindset of a pen tester?

They need to be patient and persistent. (A)

What is the correct order of the two primary phases of penetration testing?

Reconnaissance, penetration (B)

Which process complements penetration testing by identifying vulnerabilities?

Vulnerability scanning (B)

What is the purpose of conducting proper reconnaissance before a penetration test?

To gather information for effective testing (A)

How should pen testers design their attack strategies?

They need to design attacks carefully and manually. (C)

What role does threat hunting play in vulnerability scanning?

It enhances the effectiveness of scanning. (A)

Which of the following is NOT a focus area when studying vulnerability scanning?

How to develop firmware updates (C)

What is sentiment analysis primarily used for in the context of cybersecurity?

Determining the behavior of threat actors (C)

What is the primary focus of threat hunting in a network?

Proactively searching for undiscovered cyber threats (A)

Which feature is NOT typically associated with a Security Information and Event Management (SIEM) system?

Remediation (D)

How does Security Orchestration, Automation, and Response (SOAR) improve upon the functionalities of a SIEM?

By automating incident response procedures (A)

What type of data sources are often utilized during threat hunting investigations?

Crowdsourced attack data (C)

What is a critical premise that threat hunting begins with?

Threat actors have infiltrated the network (B)

In the context of threat reporting, what is a fusion center?

A repository for sharing attack information (B)

What best describes how SOARs operate compared to traditional SIEMs?

They enhance efficiency through automation. (D)

Flashcards

Penetration testing

Simulates attacks to find system vulnerabilities and how they could be exploited.

Penetration testing planning

Defining the scope, schedule, and resources needed for the penetration testing project.

Scope Creep

Expansion beyond the originally agreed-upon scope of a penetration test.

Rules of Engagement

The who, what, when, where, and how of penetration testing.

Penetration test report

A detailed summary of pen test findings for both technical and non-technical audiences.

Reconnaissance

Gathering information about the target system before attempting an attack.

Penetration phase

Attempting to exploit discovered vulnerabilities in the target system.

Vulnerability scanning

A process to automatically identify security weaknesses in a system.

Credentialed scans

Scans that have authorization and access to a system.

Intrusive scan

A vulnerability scan that attempts to exploit discovered vulnerabilities.

Nonintrusive scan

A vulnerability scan that only records a discovered vulnerability (but does not try to exploit).

Vulnerability Information

Updated information about the latest security weaknesses.

Data Management Tools

Tools used to analyze and manage data from security systems and threats.

SIEM

A tool that consolidates data from multiple security sources for analysis.

Data correlation

Discovering anomalies and threats by comparing data across different systems.

Sentiment analysis

Identifying opinions and attitudes to determine the sentiment toward a topic.

SOAR

A tool that automates incident response using data and analytics.

Threat hunting

Proactively searching for undetected cyber threats in a network.

Crowdsourced attack data

Attack data gathered from various sources.

Advisories and Bulletins

Documents released that informs of existing flaws and how to potentially fix them.

Information on emerging attacks.

Cybersecurity threat feeds

Fusion center

Threat intelligence sharing centers.

Study Notes

Penetration Testing

• Penetration testing is designed to help a company uncover new vulnerabilities in their system and learn how threat actors could exploit them.
• The most important part of penetration testing is proper planning - it can help prevent "creep" which is an expansion beyond the initial scope of the test, which can create legal issues.
• Penetration tests are performed to help protect an organization from attackers.
• When planning penetration testing, it is important to define the scope, schedule and resources needed for the project.

Rules of Engagement

• Penetration testing must be performed by a professional and qualified person.
• It is important to define the scope of the test, including the systems and applications that will be scanned.
• The person conducting the penetration test must ensure that everything related to the test has been removed from the system.
• After the pen test has been completed, a report should be generated which includes an executive summary for a less technical audience, and a more technical summary written for security professionals.

Performing a Penetration Test

• Penetration testing includes two phases: reconnaissance and penetration.
• During the reconnaissance phase, a tester collects information about the target for future testing.
• The penetration phase is where the tester attempts to exploit vulnerabilities in the target system.

Vulnerability Scanning

• Vulnerability scanning complements penetration testing.
• Vulnerability scans are conducted to uncover vulnerabilities in a system and alert the stakeholders.
• The two major types of scans are credentialed and intrusive scans.
• An intrusive scan attempts to exploit any discovered vulnerabilities, while a nonintrusive scan only records that it was discovered.
• Vulnerability information is available to provide updated information about the latest vulnerabilities.

Data Management Tools

• Data management tools help to analyze and manage the security data collected from various security systems and threats.
• A Security Information and Event Management (SIEM) consolidates data from multiple security sources.
• SIEMS use data correlation which is used to discover anomalies and threats by comparing data across many different systems and devices.
• SIEMS can perform sentiment analysis which is used to identify and categorize opinions to determine the writer's attitude toward a particular topic.
• A Security Orchestration, Automation, and Response (SOAR) uses comprehensive data gathering and analytics to automate incident responses.

Threat Hunting

• Threat hunting is proactively searching for cyber threats that have gone undetected in a network.
• Threat hunting often uses crowdsourced attack data such as advisories and bulletins, cybersecurity threat feeds, and information from a fusion center.

Description

This quiz covers the fundamentals of penetration testing, including its purpose, planning, and the crucial role of defining the scope of the test. Learn about the rules of engagement and the importance of conducting thorough assessments to protect organizations from potential threats.