CompTIA Pentest+ Certification For Dummies. Glen E. Clarke
The Penetration Testing Execution Standard (PTES) is a methodology for performing penetration tests. PTES breaks the penetration test down into seven phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. You can learn more about PTES and the technical guidelines to performing a pentest at www.pentest-standard.org/index.php/Main_Page.
The Information Systems Security Assessment Framework (ISSAF) is a methodology that provides technical guidance related to performing a penetration test. There are a number of ISSAF technical documents that discuss a wide range of security assessment categories, such as wireless LAN security assessments, Windows security assessments, VPN security assessments, and so on. To see a list of these documents, check out the following URL:
https://sourceforge.net/projects/isstf/files/issaf%20document/issaf0.1
Reviewing Key Concepts
This chapter highlights a number of concepts and terminology related to penetration testing that you should be familiar with when preparing for the CompTIA PenTest+ certification exam. Following is a quick review of some of the key points to remember from this chapter:
Two reasons to conduct a penetration test are to better secure the company's assets and to comply with regulations governing your organization.
You can have a penetration test performed by internal staff or an external third party. If internal staff is used, be sure those conducting the penetration test are not members of the team responsible for managing or configuring the systems being tested.
You should perform a penetration test annually and be sure to test external and internal assets.
You can follow several different strategies when performing a penetration test. You can do an unknown-environment test (black box test), for which the pentester is given no information about the target environment. You can do a known-environment test (white box test), for which the pentester is given all of the information about the environment being tested. Or you can do a partially known-environment test (gray box test), for which limited information is given to the pentester to ensure the test is focused and timely.
A threat actor is someone or something that may perform an attack on your systems or environment.
The OWASP Top 10 document is a listing of the ten most common security flaws found in web applications and is a great resource for pentesters.
The four phases to the CompTIA penetration testing process are: planning and scoping, information gathering and vulnerability identification, attacks and exploits, and reporting and communication.
Prep Test
1. Bob is using nmap to discover ports that are open on the systems. What form of information gathering is Bob performing?
(A) Vulnerability identification
(B) Active information gathering
(C) Vulnerability scanning
(D) Passive information gathering
2. What type of penetration test involves the tester being given no information about the target environment?
(A) Unknown-environment test
(B) Known-environment test
(C) Partially known-environment test
(D) All knowledge test
3. What type of reconnaissance involves the tester querying the DNS to discover the DNS names and IP addresses used by the customer?
(A) Vulnerability identification
(B) Active information gathering
(C) Vulnerability scanning
(D) Passive information gathering
4. Which of the following represents a reason to perform a penetration test annually?
(A) Cost
(B) Time
(C) Compliance
(D) Know-how
5. Lisa performed a penetration test on your organization and is creating the report. What should Lisa be sure to communicate within the report?
(A) How good Lisa is at hacking
(B) Remediation steps
(C) Signed authorization
(D) Resources used
6. Which of the following is critical to perform during the planning and scoping phase of the penetration test?
(A) Port scan
(B) Vulnerability scan
(C) Summary of remediation steps
(D) Obtain written authorization
7. What type of penetration test involves giving the tester only the IP addresses of the servers that you wish to be tested?
(A) Unknown-environment test
(B) Known-environment test
(C) Partially known-environment test
(D) All knowledge test
8. What is the third phase of the CompTIA penetration testing process?
(A) Attacks and exploits
(B) Reporting and communication
(C) Planning and scoping
(D) Information gathering and vulnerability identification
9. What threat actor has limited knowledge of the attacks being performed and typically just runs prebuilt tools to perform the attack?
(A) APT
(B) Script kiddie
(C) Hacktivist
(D) Insider threat
10. You are part of the team within your organization that performs the attacks during the penetration test. What is the name for your team?
(A) Blue team
(B) Black team
(C) White team
(D) Red team
11. What OWASP Top 10 security flaw is a result of an application not employing encryption technology to protect data in storage or data at rest?
(A)