1.4.3 Quiz – Introduction to Ethical Hacking and Penetration Testing Answers

Explanation: The term ethical hacker describes a person who acts as an attacker and evaluates the security posture of a computer network to minimize risk. Ethical hacker uses the same tools to find vulnerabilities and exploit targets as nonethical hackers.

Explanation: Several years ago, the cybercrime industry took over the number-one spot for the most profitable illegal industry, attracting a new type of cyber-criminal. Organized crime goes where the money is. It consists of very well-funded and motivated groups that will typically use any of the latest attack techniques to gain access to information systems.

Explanation: Hacktivists are threat actors who are not motivated by money. They are looking to make a point, promoting a political agenda or social change, using cybercrime as the method of attack.

Explanation: Cyber war and cyber espionage are two terms that fit into the category of a state-sponsored attack. Many governments worldwide use cyber attacks to steal information from opponents and cause disruption.

Explanation: An insider threat is a threat that comes from inside an organization. Insider threats are often normal employees tricked into divulging sensitive information or mistakenly clicking on links that allow attackers to access the computers. However, they could also be malicious insiders, possibly motivated by revenge or money.

Explanation: Application-based penetration test focus on testing for security weaknesses in enterprise applications. These weaknesses can include but are not limited to misconfigurations, input validation issues, injection issues, and logic flaws.

Explanation: The network infrastructure penetration test is focused on evaluating the actual network infrastructure’s security posture, including the switches, routers, firewalls, and supporting resources, such as AAA servers and IPSs. Application-based penetration tests evaluate web servers and back-end databases. Cloud service providers (CSPs) are evaluated by penetration testing in the cloud.

Explanation: The application-based penetration test focuses on testing for security weaknesses in enterprise applications. These weaknesses can include but are not limited to misconfigurations, input validation issues, injection issues, and logic flaws. Because a web application is typically built on a web server with a back-end database, the testing scope also normally includes the database.

Explanation: Companies (e.g., Microsoft, Apple, Cisco) and government institutions (e.g., the U.S. Department of Defense) use bug bounty programs to reward security professionals when they find vulnerabilities in websites, applications, or any system. This enables the organization to fix these vulnerabilities before threat actors exploit them.

Explanation: A partially known environment penetration test, previously known as gray-box, is somewhat of a hybrid approach between unknown- and understood- environment tests. With partially known environment testing, the testers may be provided credentials but not full network infrastructure documentation.

Explanation: In a known-environment penetration test (previously known as a white box), the tester starts with significant information about the organization and the infrastructure. The tester would normally be provided with network diagrams, IP addresses, configurations, and user credentials. This type of test aims to identify as many holes as possible.

Explanation: In an unknown-environment penetration test (previously known as black-box), the tester typically only has a very limited amount of information. For instance, the tester may only provide the domain names and IP addresses in scope for a particular target. The tester would have yet to gain prior knowledge of the organization’s target and infrastructure.

Explanation: Place the options in the following order:

Explanation: Penetration Testing Execution Standard (PTES) provides information about types of attacks and methods, and it provides information on the latest tools available to accomplish the testing methods outlined. It involves seven phases: Pre-engagement interactions, Intelligence gathering, Threat modeling, Vulnerability analysis, Exploitation, Post-exploitation, and Reporting.

Explanation: Information Systems Security Assessment Framework (ISSAF) is a penetration methodology with the following phases: Information gathering, Network mapping, Vulnerability identification, Penetration, Gaining access and privilege escalation, Enumerating further, Compromising remote users/sites, Maintaining access, and Covering the tracks.

Explanation: The Open Source Security Testing Methodology Manual (OSSTMM) is a document that lays out repeatable and consistent security testing. It has the following key sections: Operational Security Metrics, Trust analysis, Workflow, Human security testing, Physical security testing, Wireless security testing, Telecommunications security testing, Data networks security testing, Compliance regulations, and Reporting with the Security Test Audit Report (STAR).

Explanation: OWASP Web Security Testing Guide (WSTG) is a comprehensive guide focused on web application testing. It is a compilation of many years of work by OWASP members. It covers the high-level phases of web application security testing and digs deeper into the testing methods used.

Explanation: Black-Arch (blackarch.org), Kali Linux (kali.org), and Parrot OS (parrotsec.org) are Linux distributions that include penetration testing tools and resources. Social-Engineer Toolkit (SET) is an excellent tool for performing social engineering testing campaigns. OWASP is a nonprofit organization with local chapters worldwide that provides significant guidance on securing applications. Penetration Testing Execution Standard (PTES) is a penetration testing standard that provides information about types of attacks and methods.

Explanation: Many different Linux distributions include penetration testing tools and resources, such as Kali Linux (kali.org), Parrot OS (parrotsec.org), and Black-Arch (blackarch.org). These Linux distributions provide a very convenient environment to learn about the different security tools and methodologies used in pen testing.

Explanation: Some requirements for a typical penetration testing environment are:
Closed network: the tester needs to ensure controlled access to and from the lab environment and restricted access to the Internet
Health monitoring: when something crashes, the tester needs to be able to determine why it happened
Sufficient hardware resources: the tester needs to be sure that a lack of resources is not the cause of false results
Duplicate tools: a way to validate a finding is to run the same test with a different tool to see if the results are the same

Explanation: The tools used in penetration testing depend on the type of testing to be done. Network infrastructure penetration test might include tools for sniffing or manipulating traffic, flooding network devices, and bypassing firewalls and IPSs.

Explanation: The tools used in penetration testing depend on the type of testing to be done. Application-based penetration tests might include tools explicitly built for scanning and detecting web vulnerabilities and manual testing tools such as interception proxies.

Explanation: The tools used in penetration testing depend on the type of testing to be done. Wireless infrastructure penetration tests might use tools to crack wireless encryption, de-authorize network devices, and perform on-path attacks (also called man-in-the-middle attacks).

Explanation: For testing the server and client platforms in an environment, several automated vulnerability scanning tools can be used to identify things such as outdated software and misconfigurations. For testing the robustness of protocols, fuzzing tools are typically used.

Explanation: Being able to recover your production environment is important for many reasons. When doing penetration testing, the tester will break things no matter what tools are adopted. Sometimes when things are broken, they do not recover without support. Using some virtual environment is ideal as it offers snapshots and restore features for the system state. In such a case that the system cannot be virtualized, having a full backup of the system or environment is required.