03 - Penetration Testing

 1. A penetration test, colloquially known as a pen test, is an _______________________ on a computer system, performed to evaluate the security of the system

  authorised and irreversibly destructive attack (such that the system will not recover)

  unauthorised unsimulated attack

  authorized simulated attack

  unauthorised simulated attack

 2. Fill in the blanks in the following excerpt on pen testing.
The test is performed to identify both ___________ (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as ________, enabling a full risk assessment to be completed.

  potential hackers / good anti virus firewalls

  malware / encryption weaknesses

  viruses / malware

  weaknesses / strengths

 3. The process typically identifies the ____________ and a particular goal—then reviews available information and undertakes various means to attain the goal

  government

  PC monitor under investigation

  hacker in question

  target systems

 4. There are typically two well-known types of penetration test targets. What are they?

  Normal and Boundary

  Fluid and Static

  Red and Yellow

  Black and White

 5. Penetration testing can never be carried out manually by individuals who are capable of carrying out attacks.

  TRUE

  FALSE

 6. Hackers that carry out penetration testing are sometimes called:

  Boundary testers

  There is no such thing - only computer systems can penetration test, not humans

  penepen testers

  ethical hackers or white-hat hackers

 7. White box testing assumes knowledge of the internals of the systems.

  FALSE

  TRUE

 8. White box testing would simulate an attack from someone with:

  Very little knowledge of the system (hence the term 'white') limited to the system colours

  a vague if not non-existent knowledge of the system

  absolutely no knowledge of the system except for its location and name

  a detailed and insider knowledge of the system

 9. The aim of black box testing may be to:

  simulate a full on cyberwarfare attack (e.g. flooding the servers with more requests than can be handled)

  see if the system can be contained in a black box

  see if the system meets the criteria of the 'black book' held by the government

  simulate an attack on the system with full knowledge of the inside of the system and the code.

 10. Under budget and time constraints, ______ is a common technique that discovers vulnerabilities. It aims to get an unhandled error through random input.
You may need to research this one!

  fuzzing

  muzzing

  nuzzing

  kuzzing