Penetration Testing
CompTIA+ topic
Question | Answers |
---|---|
Penetration testing: (Select all that apply) | a. bypasses security controls c. actively tests security controls d. exploits vulnerabilities |
A penetration test performed by an authorized professional with full prior knowledge of how the system to be tested works is called: | b. white box testing |
A penetration test of a computer system performed without prior knowledge of how the system to be tested works is referred to as black-box testing. | a. true |
Which of the following terms is used to describe a penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system? | c. gray box testing |
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting. | b. false |
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system. | b. false |
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: | c. war driving |
Which of the following statements does not apply to the concept of OSINT? | d. active reconnaissance in penetration testing |
In cybersecurity exercises, the red team takes on the role of: | a. an attacker |
In cybersecurity exercises, the defending team is referred to as: | b. blue team |
In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to: | c. white team |
In cybersecurity exercises, the purple team combines the roles of all other teams (i.e. red, blue, and white). | b. false |