
03 - Penetration Testing

 1. A penetration test, colloquially known as a pen test, is an _______________________ on a computer system, performed to evaluate the security of the system.

  authorised and irreversibly destructive attack (such that the system will not recover)

  unauthorised simulated attack

  unauthorised unsimulated attack

  authorized simulated attack

 2. Fill in the blanks in the following excerpt on pen testing.
The test is performed to identify both ___________ (also referred to as 
vulnerabilities), including the potential for unauthorized parties 
to gain access to the system's features and data, as well as ________, 
enabling a full risk assessment to be completed.

  malware / encryption weaknesses

  viruses / malware

  potential hackers / good anti-virus firewalls

  weaknesses / strengths

 3. The process typically identifies the ____________ and a particular goal—then reviews available information and undertakes various means to attain the goal

  government

  PC monitor under investigation

  target systems

  hacker in question

 4. There are typically two well-known types of penetration test targets. What are they?

  Black and White

  Fluid and Static

  Red and Yellow

  Normal and Boundary

 5. Penetration testing can never be carried out manually by individuals who are capable of carrying out attacks.

  TRUE

  FALSE

 6. Hackers that carry out penetration testing are sometimes called:

  ethical hackers or white-hat hackers

  There is no such thing - only computer systems can penetration test, not humans

  penepen testers

  Boundary testers

 7. White box testing assumes knowledge of the internals of the systems.

  TRUE

  FALSE

 8. White box testing would simulate an attack from someone with:

  Very little knowledge of the system (hence the term 'white') limited to the system colours

  a detailed and insider knowledge of the system

  absolutely no knowledge of the system except for its location and name

  a vague if not non-existent knowledge of the system

 9. The aim of black box testing may be to:

  see if the system can be contained in a black box

  simulate an attack on the system with full knowledge of the inside of the system and the code.

  see if the system meets the criteria of the 'black book' held by the government

  simulate a full-on cyberwarfare attack (e.g. flooding the servers with more requests than can be handled)

 10. Under budget and time constraints, ______ is a common technique that discovers vulnerabilities. It aims to get an unhandled error through random input.
You may need to research this one!

  fuzzing

  muzzing

  kuzzing

  nuzzing