Pentesting Reporting Phase

IntricateComputerArt

19 Questions

What is the first step in the information-gathering phase described in the text?

Analyzing freely available sources of information

Which tool is mentioned as being used during the information-gathering phase?

Port scanner

What should be included in a contract to limit liability during a penetration test?

Non-disclosure agreement clause

In the context of a penetration test, what is Open Source Intelligence (OSINT) used for?

Identifying potential ways to connect to client's systems

Which phase follows the information-gathering phase in a penetration test according to the text?

Threat-modelling phase

Which of the following is NOT a typical component of an executive summary in a pentesting report?

Detailed exploit code used during the pentest

During the reporting phase of a pentest, what is the primary purpose of the technical report?

To provide detailed technical information for the IT staff to remediate vulnerabilities

Which of the following is a common technique used by pentesters to escalate privileges during an engagement?

Exploiting a buffer overflow vulnerability

Which of the following is NOT a recommended practice when writing an executive summary for a pentesting report?

Using technical jargon and acronyms without explanation

During the information gathering phase of a pentest, which of the following techniques is commonly used?

Performing open-source intelligence (OSINT) gathering

What is the primary purpose of the reporting phase in a pentesting engagement?

To convey the findings to the client in a meaningful way

What is the main challenge when gathering information during a pentest, according to the text?

Sorting through a large amount of irrelevant data

In a pentest, what is the purpose of vulnerability scanning tools and techniques during the information-gathering phase?

Revealing vulnerabilities without actively attacking

What does Open Source Intelligence (OSINT) focus on in the context of a pentest?

Collecting information from legal sources

What is the primary objective of including a risk profile in the reporting phase of a pentest?

Quantifying the risk exposure of identified vulnerabilities

When crafting an executive summary for a pentesting report, what should be emphasized?

Potential impact of the identified vulnerabilities

In a pentest, what is a typical component of a technical report following the exploitation phase?

Recommendation summary for countermeasures

Why is it crucial to focus on privilege escalation during an engagement?

To gain higher levels of access within systems

During a pentest, what distinguishes Open Source Intelligence (OSINT) from covert intelligence sources?

OSINT relies on data available from public/legal sources

Learn about the final phase of pentesting where findings are communicated to the customer for both technical practitioners and executives. Understand how to summarize findings, convey what needs improvement, and suggest fixes to problems.
