1_8_1 Section 1 – Attacks, Threats, and Vulnerabilities - 1.8 – Penetration Testing - Penetration Testing

Questions and Answers

What is the purpose of creating persistence in a system?

To identify the exploit used to gain access to the system

To prevent others from gaining access to the system

To fix the vulnerabilities found in the system

To ensure that access to the system can be regained later (correct)

What is a pivot point in penetration testing?

A system that is used to store exploits and vulnerabilities

A system that is used to launch attacks on other systems (correct)

The initial system that is exploited to gain access to the network

A system that is used to monitor the network traffic

What is the importance of reverting systems back to their original state after a penetration test?

To prevent the system from being used for malicious purposes

To restore the system to its original configuration to prevent any further exploitation (correct)

To erase any evidence of the penetration test

To ensure that the exploits found are fixed

What is a bug bounty?

A reward for identifying vulnerabilities in a system

Why is it essential to remove back doors and pivot points after a penetration test?

To prevent others from using them for malicious purposes

What is the goal of a penetration tester who performs tests in search of a bug bounty?

To earn money by identifying vulnerabilities

What is the main goal of a penetration test?

To gain access to a system and simulate an external attack

What is the difference between a penetration test and a vulnerability scan?

A penetration test actively tries to exploit vulnerabilities, whereas a vulnerability scan only identifies them

What is the purpose of defining rules of engagement for a penetration test?

To ensure everybody knows the purpose and scope of the test

What document can provide guidance on designing and planning for penetration tests?

NIST's Technical Guide to Information Security Testing and Assessment

Who typically performs penetration tests?

Third-party contractors

Why are penetration tests often mandated?

To ensure compliance with regulations

What is the purpose of including a list of IP addresses in the rules of engagement for a penetration test?

To identify devices that are in scope for the test and those that are not

Why is it important to have emergency contacts listed in the rules of engagement?

In case something goes wrong during the test and quick action is needed

What is the goal of a penetration test?

To identify vulnerabilities and exploit them

What is lateral movement in the context of a penetration test?

Moving from device to device on the inside of a network

Why is it important to perform a penetration test?

To identify vulnerabilities and fix them before attackers do

What type of penetration test is it where the tester has no prior knowledge of the systems?

Unknown environment

What is the purpose of including sensitive information in the rules of engagement?

To ensure that the tester is aware of sensitive data that may be accessed

What is a potential risk of performing a penetration test?

Creating a denial of service

What is the purpose of performing password brute-force attacks during a penetration test?

To try to guess passwords using common passwords

Why is it important to have permission to exploit vulnerabilities during a penetration test?

To avoid legal consequences