Question

In: Computer Science

Vulnerability Assessment and Penetration Testing 1.Which of the following security test types would be best defined...

Vulnerability Assessment and Penetration Testing

1.Which of the following security test types would be best defined as an engagement that focuses on the discovery of vulnerabilities within an environment to improve security for the organization but does not actively exploit those vulnerabilities to show the potential impact on the organization.

a)Security Audit

b) Penetration test

c)Red team engagement

d)Vulnerability

2. You are about to conduct a penetration test as a third party consultant. They have given you limited details about the environment prior to beginning which will leave some discovery to your team. What type of penetration test are you conducting?

a) White Box

b) Black Box

c) Grey Box

d) None of the above

3. What step of the Lockheed Martin Cyber Kill Chain involves an adversary exploiting a vulnerability to gain access to a computer?

Question 3 options:

Reconnaissance

Delivery

Command and Control

Exploitation

Installation

Actions on objectives

Weaponization

4.Place the steps of the Penetration Testing Execution Standard in their proper order.

Intelligence Gathering

Exploitation

Vulnerability Analysis

Reporting

Pre-Engagement Activities

Threat Modeling

5.Which step of the MITRE ATT&CK framework is associated with adversaries moving between computers in order to further their operations?

Command and Control

Lateral Movement

Defense Evasion

Discovery

Solutions

Expert Solution

Answer)

1) b) Penetration testing

Penetration testing is referred to as pen testing or ethical hacking is defined to be the form of testing the computer system or the network or the web application for finding the security vulnerability. This doesn't actively get involved in to the vulnerability.

2) C) Grey Box penetration testing

This is the kind of strategy for debugging the software where the tester doesn't have enough knowledge about the internal details of the program.

3) Reconnaissance attack

This is the kind of information gathering on the network system as well as services with the help of negative theft way. This is the kind of attack where the intruder gets engaged with that of the targeted system for gathering the information related to vulnerability.

4) Intelligence Gathering

Vulnerability analysis

Exploitation

Pre Engagement activities

Threat Modeling

Reporting

Some of the 5 steps involved are as follows:

a) Planning and Reconnaissance

b) Scanning

c) Gaining access

d) Maintaining the access

e) Analysis and WAF configuration

5) Discovery

The adversaries lead to attempting for getting a list of open application windows. It is the system which is being used or providing the context for the information being collected by the key logger.

If you found the answer useful, hit like
Hope this answer helps.
Thanks


Related Solutions

A key role of penetration testing as used by IT security professionals is to identify system...
A key role of penetration testing as used by IT security professionals is to identify system weaknesses of various kinds. According, pen testing is an important method for protecting organizations from unwanted attacks or intrusions. Why is it important to understand the risks presented by weak physical security? How does defense in depth prevent attacks? What considerations inform decisions regarding which physical controls should be implemented and for what reasons?
Which of the following factors would be important to detecting instability or vulnerability in the national...
Which of the following factors would be important to detecting instability or vulnerability in the national economy? Debts, deficits; external balances and exchange rates; saving and investment Inflation and interest rates; external balances and exchange rates; savings and investment GDP and growth; inflation and interest rates; external balances and exchange rates Unemployment and underutilization; GDP and growth; inflation and interest rates
Which of the following best describes the job duties of security administrators? a) They create security...
Which of the following best describes the job duties of security administrators? a) They create security policies. b) They design secure systems. c) They check if employees comply with security policies. d) They ensure appropriate separation of duties exists to prevent abuse of privilege. Managing incident response is a key area of which of the following CBK domains? a) Information security governance and risk management b) Security architecture and design c) Business continuity and disaster recovery planning d) Operations security...
1.) Which of the following statements concerning defined-contribution plans that integrate with Social Security is correct?...
1.) Which of the following statements concerning defined-contribution plans that integrate with Social Security is correct? Annual non-discrimination testing is required for a plan that integrates with Social Security. If employees receive a contribution of 3% of total compensation, then an additional 3% of total compensation can also be contributed for compensation between the integration level and the income cap. The maximum integration level is $275,000. Only money-purchase pension plans can have a formula that integrates with Social Security. 2.)...
A company contracted security consultant to perform a remote white box penetration test. The company wants...
A company contracted security consultant to perform a remote white box penetration test. The company wants the consultant to focus on internet-facing services without negatively impacting Production Services. Which of the following is the consultant most likely to use to identify the company's attack surface? Select 2 Web crawler WHOIS registry DNS records companies firewall ACL   internal routing tables directory service queries
Identify the four different types of wireless encryption, and indicate which ones provide the best security....
Identify the four different types of wireless encryption, and indicate which ones provide the best security. Provide a brief explanation of each.
1) Which of the following would be the best example of a public good? a) Clean...
1) Which of the following would be the best example of a public good? a) Clean water at the public lake. b) A community park. c) Snowplowing the streets. d) Public school. 2) Which of the following is the best example of a public good with exclusion? a) A fireworks display that can be seen miles away. b) Fire protection services offered by the city. c) Satellite radio service. d) A public lake. 3) Which of the following best represents...
Details on how you can test for risk and conduct a security assessment using CCTV security...
Details on how you can test for risk and conduct a security assessment using CCTV security camera? Also, explain the risk mitigation?
When is price skimming more appropriate, and when is penetration pricing the best strategy? When would...
When is price skimming more appropriate, and when is penetration pricing the best strategy? When would trial pricing be an effective pricing strategy? Use some specific examples of possible new products. Identify the strategy they may have used. Explain wWhy they would use the strategy, and if the strategy was effective or not.
Mortgage prepayments are best defined by which of the following? a paying a monthly mortgage payment...
Mortgage prepayments are best defined by which of the following? a paying a monthly mortgage payment before the regular due date b paying off the principal faster than required by the amortization schedule c paying a cash deposit when purchasing a property d paying each mortgage payment as scheduled e reducing the mortgage according to a schedule over the life of the mortgage State of the Economy   Probability E( R ) Boom 0.25 16% Normal 0.45 10% Recession 0.30 -8%...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT