Module 1: Penetration Testing 

INTRODUCTION – Penetration Testing

Because understanding penetration tests is important, this module covers the phases of penetration testing in depth and looks at many of the tools used in penetration testing.

Learning Objectives:

  • Discuss the components of a penetration test report's executive summary and technical review.
  • Describe commonly exploited vulnerabilities.
  • Summarize what happens in each step of the attack phase during penetration testing.
  • Describe methods for the discovery phase of penetration testing.
  • Define and explain the importance of vulnerability analysis in penetration testing.
  • Differentiate between open box, closed box, and gray box penetration testing.
  • List directives that testers and clients should document during the planning stage of a penetration test.
  • Describe each component of the planning phase of penetration testing.
  • Summarize common approaches to penetration tests.
  • Explain what penetration testing is and why it is important.

PLANNING AND DISCOVERY KNOWLEDGE CHECK

1. What type of scan can be conducted to determine what possible exploits exist given the client’s environment?

  • Port Scan
  • Document Scanning
  • Anti-Virus Scan
  • Vulnerability Scan (CORRECT)

2. Which three (3) forms of discovery can be conducted offline?

  • Packet Sniffing
  • Shoulder Surfing (CORRECT)
  • Dumpster Diving (CORRECT)
  • Social Engineering (CORRECT)

3. Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery?

  • Offline
  • Active (CORRECT)
  • Passive
  • Neutral

4. True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.

  • True
  • False (CORRECT)

ATTACK AND REPORTING KNOWLEDGE CHECK

1. What level of access is ideal for a penetration tester to achieve in order to exploit a system?

  • Standard
  • Admin/Root (CORRECT)
  • Guest
  • Advanced

2. Which of the following is NOT a common type of vulnerability?

  • Misconfigurations
  • Race Conditions
  • Incorrect File and Directory Permissions
  • Phishing (CORRECT)

3. Which portion of the pentest report gives a step-by-step account of how and why each exploit was conducted?

  • Executive Summary
  • Rules of Engagement
  • Recommendations for Remediation
  • Technical Review (CORRECT)

PENETRATION TESTING TOOLS

1. Which tool lets you log network traffic and analyze it?

  • Nmap
  • John the Ripper
  • Metasploit
  • Wireshark (CORRECT)

2. Which software serves as a toolbox, providing access to hundreds of other tools and resources?

  • Wireshark
  • Hack the Box
  • John the Ripper
  • Kali Linux (CORRECT)

3. Which tool is used primarily for password cracking?

  • Kali Linux
  • Nmap
  • John the Ripper (CORRECT)
  • Metasploit

PENETRATION TEST GRADED QUIZ

1. Which of the following is NOT a phase of a penetration test?

  • Discovery
  • Attack (CORRECT)
  • Reviewing
  • Planning

2. In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities?

  • Planning
  • Discovery
  • Attack
  • Reporting (CORRECT)

3. Which portion of the pentest report gives high-level detail of how the test went and what goals were accomplished?

  • Executive Summary (CORRECT)
  • Scope Worksheet
  • Technical Report
  • Risk Analysis

4. Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system? 

  • Reporting
  • Discovery (CORRECT)
  • Exploitation
  • Planning

5. What method of gathering information can be used to get information about a website that is not readily available?

  • Phishing
  • Social Engineering
  • Port Scanning (CORRECT)
  • Google Dorking

6. Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information?

  • Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
  • General Data Protection Regulation (GDPR) (CORRECT)
  • Health Insurance Portability and Accountability Act (HIPAA) (CORRECT)
  • Distributed Denial of Service (DDoS)

7. Guessing passwords or running password-cracking software is what type of attack used to gain access to a system?

  • Brute Force (CORRECT)
  • Hash
  • Passive Aggressive
  • Persistent

8. What document would protect the privacy of your client and their customers?

  • Rules of Engagement (RoE)
  • Scope Worksheet
  • Non-Disclosure Agreement (NDA) (CORRECT)
  • Press Release

9. Gaining access to a system can occur in which two phases?

  • Planning and Discovery
  • Discovery and Reporting
  • Discovery and Attack (CORRECT)
  • Planning and Attack

10. Conducting a pentest as if you were an external hacker with no resources is known as what type of test?

  • Grey Box
  • Red Hat
  • White Box
  • Black Box (CORRECT)

CONCLUSION – Penetration Testing

This module has given you a complete understanding of penetration testing: its importance, its phases, and a range of tools. You are now equipped with the knowledge to evaluate and improve the security posture of your systems and networks against potential vulnerabilities and cyber threats.
