Question

Vulnerability Assessment and Penetration Testing

1.Which of the following security test types would be best defined as an engagement that focuses on the discovery of vulnerabilities within an environment to improve security for the organization but does not actively exploit those vulnerabilities to show the potential impact on the organization.

a)Security Audit

b) Penetration test

c)Red team engagement

d)Vulnerability

2. You are about to conduct a penetration test as a third party consultant. They have given you limited details about the environment prior to beginning which will leave some discovery to your team. What type of penetration test are you conducting?

a) White Box

b) Black Box

c) Grey Box

d) None of the above

3. What step of the Lockheed Martin Cyber Kill Chain involves an adversary exploiting a vulnerability to gain access to a computer?

Question 3 options:

	Reconnaissance
	Delivery
	Command and Control
	Exploitation
	Installation
	Actions on objectives
	Weaponization

4.Place the steps of the Penetration Testing Execution Standard in their proper order.

	Intelligence Gathering
	Exploitation
	Vulnerability Analysis
	Reporting
	Pre-Engagement Activities
	Threat Modeling

5.Which step of the MITRE ATT&CK framework is associated with adversaries moving between computers in order to further their operations?

	Command and Control
	Lateral Movement
	Defense Evasion
	Discovery

Answer 1

Answer)

1) b) Penetration testing

Penetration testing is referred to as pen testing or ethical hacking is defined to be the form of testing the computer system or the network or the web application for finding the security vulnerability. This doesn't actively get involved in to the vulnerability.

2) C) Grey Box penetration testing

This is the kind of strategy for debugging the software where the tester doesn't have enough knowledge about the internal details of the program.

3) Reconnaissance attack

This is the kind of information gathering on the network system as well as services with the help of negative theft way. This is the kind of attack where the intruder gets engaged with that of the targeted system for gathering the information related to vulnerability.

4) Intelligence Gathering

Vulnerability analysis

Exploitation

Pre Engagement activities

Threat Modeling

Reporting

Some of the 5 steps involved are as follows:

a) Planning and Reconnaissance

b) Scanning

c) Gaining access

d) Maintaining the access

e) Analysis and WAF configuration

5) Discovery

The adversaries lead to attempting for getting a list of open application windows. It is the system which is being used or providing the context for the information being collected by the key logger.

If you found the answer useful, hit like
Hope this answer helps.
Thanks