Glen E. Clarke - CompTIA Pentest+ Certification For Dummies

A threat actor is someone or something that may perform an attack on your systems or environment.

The OWASP Top 10 document is a listing of the ten most common security flaws found in web applications and is a great resource for pentesters.

The four phases to the CompTIA penetration testing process are: planning and scoping, information gathering and vulnerability identification, attacks and exploits, and reporting and communication.

1. Bob is using nmap to discover ports that are open on the systems. What form of information gathering is Bob performing?

(A)Vulnerability identification

(B)Active information gathering

(C)Vulnerability scanning

(D)Passive information gathering

2. What type of penetration test involves the tester being given no information about the target environment?

(A)Unknown-environment test

(B)Known-environment test

(C)Partially known-environment test

(D)All knowledge test

3. What type of reconnaissance involves the tester querying the DNS to discover the DNS names and IP addresses used by the customer?

(A)Vulnerability identification

(B)Active information gathering

(C)Vulnerability scanning

(D)Passive information gathering

4. Which of the following represents a reason to perform a penetration test annually?

(A)Cost

(B)Time

(C)Compliance

(D)Know-how

5. Lisa performed a penetration test on your organization and is creating the report. What should Lisa be sure to communicate within the report?

(A)How good Lisa is at hacking

(B)Remediation steps

(C)Signed authorization

(D)Resources used

6. Which of the following is critical to perform during the planning and scoping phase of the penetration test?

(A)Port scan

(B)Vulnerability scan

(C)Summary of remediation steps

(D)Obtain written authorization

7. What type of penetration test involves giving the tester only the IP addresses of the servers that you wish to be tested?

(A)Unknown-environment test

(B)Known-environment test

(C)Partially known-environment test

(D)All knowledge test

8. What is the third phase of the CompTIA penetration testing process?

(A)Attacks and exploits

(B)Reporting and communication

(C)Planning and scoping

(D)Information gathering and vulnerability identification

9. What threat actor has limited knowledge of the attacks being performed and typically just runs prebuilt tools to perform the attack?

(A)APT

(B)Script kiddie

(C)Hacktivist

(D)Insider threat

10. You are part of the team within your organization that performs the attacks during the penetration test. What is the name for your team?

(A)Blue team

(B)Black team

(C)White team

(D)Red team

11. What OWASP Top 10 security flaw is a result of an application not employing encryption technology to protect data in storage or data at rest?

(A)Injection

(B)Sensitive Data Exposure

(C)Broken Authentication

(D)Broken Access Control

1 B. Bob is performing active reconnaissance, or active information gathering, when using a port scanner to discover ports that are open on a system. See “ Information gathering and vulnerability identification .”

2 A. An unknown-environment test (black box test) is when the pentester is given no knowledge of the environment being tested. Review “Pentest strategy.”

3 D. Passive reconnaissance, or passive information gathering, is when the pentester uses public Internet resources to discover information about the target. Check out “ Information gathering and vulnerability identification .”

4 C. Organizations may be governed by regulations that force a company to perform penetration tests on a regular basis in order to be compliant. Peruse “ Reasons for a pentest .”

5 B. The purpose of the penetration test is to better the security of the organization. Therefore, it is critical the report contains remediation steps on how to improve the security of vulnerable systems. Take a look at “ Reporting and communication .”

6 D. It is imperative that you get written authorization to perform the penetration test before doing any testing. Also, be sure to get written authorization from an authorized party such as the business owner or an upper-level manager. It is not enough to get authorization from a local manager. Peek at “ Planning and scoping .”

7 C. A partially known-environment test (gray box test) involves giving limited information to the tester so that the tester is more focused on specific targets during the pentest. Look over “Pentest strategy.”

8 A. The third phase of the CompTIA penetration testing process is attacks and exploits. Study “ Looking at CompTIA’s Penetration Testing Phases .”

9 B. A script kiddie has limited technical knowledge of the details of the attack and simply runs the tools that are already created. Peek at “ Threat actors and threat models .”

10 D. The red team is the name of the penetration testing team that simulates the attacks, while the blue team tries to detect and defend against those attacks. Peek at “ Types of assessments .”

11 B. Sensitive Data Exposure (2017 OWASP) is now known as Cryptographic Failures (2021 OWASP) and involves flaws of not protecting sensitive data from unauthorized individuals due to lack of encryption technology. Peek at “Open Web Application Security Project (OWASP).”

Chapter 2

EXAM OBJECTIVES

Understanding key legal concepts

Scoping the project and identifying the rules of engagement

Defining targets and ensuring acceptance to risk

Scheduling and handling scope creep

Good penetration testers know that before starting a penetration test, they must spend time with the customer scoping out the project and setting the rules of engagement. Planning and scoping is a critical phase of the pentest process, as too often penetration testers dive right into trying to compromise systems without giving any thought to the ramifications of their actions. Not planning the penetration test properly can result in crashing the customer’s systems or network (causing loss in production and revenue) and triggering intrusion detection systems. A lack of planning can also create legal problems due to a failure to obtain proper authorization to perform the penetration test.