Penetration Testing Overview

Questions and Answers

What must be included in the report generated after a penetration test?

A detailed account of every action taken during the test

An executive summary for a less technical audience (correct)

A list of all software agents installed during the test

A proposal for future penetration tests

What is the goal of the cleanup phase in a penetration test?

To ensure that no traces of the pen test are left on the systems (correct)

To present findings to stakeholders in a formal meeting

To develop a new security protocol for the organization

To improve system performance by optimizing configurations

Which of the following phases is NOT part of performing a penetration test?

Penetration

Reconnaissance

Exploitation (correct)

Post-Test Review

What should happen to any credentials that were changed during a penetration test?

They should be restored to their original state

What type of audience is the executive summary of the penetration test report intended for?

Less technical stakeholders and management

What is the primary purpose of a penetration test?

To exploit vulnerabilities in order to uncover new risks

What is a significant risk associated with poor planning in penetration testing?

Expansion beyond the defined limitations of the test

Who should typically perform a penetration test?

Third-party security professionals

What is a key component of the rules of engagement for penetration testing?

The specific targets and limitations of the test

What does vulnerability scanning aim to achieve?

To identify and classify potential security weaknesses

Why is the planning phase crucial for successful penetration testing?

It sets the boundaries and objectives of the test

What could be a consequence of failing to adhere to planning protocols in a penetration test?

Legal complications due to unauthorized access

What is often considered the most important step in penetration testing?

Planning the penetration test thoroughly

What is the primary purpose of a credentialed vulnerability scan?

To provide valid authentication information to the scanner

Which of the following best describes a nonintrusive scan?

Records vulnerabilities without any exploitation attempts

When prioritizing vulnerabilities, which factor is NOT considered?

The appearance of the vulnerability in the scan report

What type of scan would likely give the most comprehensive view of vulnerabilities?

Credentialed intrusive scan

Which of the following is an example of a question to help prioritize vulnerabilities?

Can the vulnerability be resolved within a specific timeframe?

What does vulnerability scanning software primarily compare against?

A set of known vulnerabilities

What defines an intrusive scan's approach to vulnerabilities?

It directly attempts to exploit vulnerabilities found

In vulnerability assessment, which aspect should be evaluated alongside the accuracy of the vulnerability findings?

The importance of the vulnerabilities

What must a pen tester determine when a vulnerability is discovered?

How to pivot to another system

Which of the following statements best describes the mindset of a pen tester?

They need to be patient and persistent.

What is the correct order of the two primary phases of penetration testing?

Reconnaissance, penetration

Which process complements penetration testing by identifying vulnerabilities?

Vulnerability scanning

What is the purpose of conducting proper reconnaissance before a penetration test?

To gather information for effective testing

How should pen testers design their attack strategies?

They need to design attacks carefully and manually.

What role does threat hunting play in vulnerability scanning?

It enhances the effectiveness of scanning.

Which of the following is NOT a focus area when studying vulnerability scanning?

How to develop firmware updates

What is sentiment analysis primarily used for in the context of cybersecurity?

Determining the behavior of threat actors

What is the primary focus of threat hunting in a network?

Proactively searching for undiscovered cyber threats

Which feature is NOT typically associated with a Security Information and Event Management (SIEM) system?

Remediation

How does Security Orchestration, Automation, and Response (SOAR) improve upon the functionalities of a SIEM?

By automating incident response procedures

What type of data sources are often utilized during threat hunting investigations?

Crowdsourced attack data

What is a critical premise that threat hunting begins with?

Threat actors have infiltrated the network

In the context of threat reporting, what is a fusion center?

A repository for sharing attack information

What best describes how SOARs operate compared to traditional SIEMs?

They enhance efficiency through automation.

Study Notes

Penetration Testing

• Penetration testing is designed to help a company uncover new vulnerabilities in their system and learn how threat actors could exploit them.
• The most important part of penetration testing is proper planning - it can help prevent "creep" which is an expansion beyond the initial scope of the test, which can create legal issues.
• Penetration tests are performed to help protect an organization from attackers.
• When planning penetration testing, it is important to define the scope, schedule and resources needed for the project.

Rules of Engagement

• Penetration testing must be performed by a professional and qualified person.
• It is important to define the scope of the test, including the systems and applications that will be scanned.
• The person conducting the penetration test must ensure that everything related to the test has been removed from the system.
• After the pen test has been completed, a report should be generated which includes an executive summary for a less technical audience, and a more technical summary written for security professionals.

Performing a Penetration Test

• Penetration testing includes two phases: reconnaissance and penetration.
• During the reconnaissance phase, a tester collects information about the target for future testing.
• The penetration phase is where the tester attempts to exploit vulnerabilities in the target system.

Vulnerability Scanning

• Vulnerability scanning complements penetration testing.
• Vulnerability scans are conducted to uncover vulnerabilities in a system and alert the stakeholders.
• The two major types of scans are credentialed and intrusive scans.
• An intrusive scan attempts to exploit any discovered vulnerabilities, while a nonintrusive scan only records that it was discovered.
• Vulnerability information is available to provide updated information about the latest vulnerabilities.

Data Management Tools

• Data management tools help to analyze and manage the security data collected from various security systems and threats.
• A Security Information and Event Management (SIEM) consolidates data from multiple security sources.
• SIEMS use data correlation which is used to discover anomalies and threats by comparing data across many different systems and devices.
• SIEMS can perform sentiment analysis which is used to identify and categorize opinions to determine the writer's attitude toward a particular topic.
• A Security Orchestration, Automation, and Response (SOAR) uses comprehensive data gathering and analytics to automate incident responses.

Threat Hunting

• Threat hunting is proactively searching for cyber threats that have gone undetected in a network.
• Threat hunting often uses crowdsourced attack data such as advisories and bulletins, cybersecurity threat feeds, and information from a fusion center.

Description

This quiz covers the fundamentals of penetration testing, including its purpose, planning, and the crucial role of defining the scope of the test. Learn about the rules of engagement and the importance of conducting thorough assessments to protect organizations from potential threats.