Title: CompTIA Pentest+ Certification For Dummies
Author: Glen E. Clarke
Publisher: John Wiley & Sons Limited
Genre: Educational literature
isbn: 9781119867296
OSSTMM, PTES, and ISSAF
The Open-Source Security Testing Methodology Manual (OSSTMM) is a methodology for security testing that is maintained by the Institute for Security and Open Methodologies (ISECOM). You can download the OSSTMM document from www.isecom.org/OSSTMM.3.pdf.
The Penetration Testing Execution Standard (PTES) is a methodology for performing penetration tests. PTES breaks the penetration test down into seven phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. You can learn more about PTES and the technical guidelines for performing a pentest at www.pentest-standard.org/index.php/Main_Page.
The Information Systems Security Assessment Framework (ISSAF) is a methodology that provides technical guidance related to performing a penetration test. There are a number of ISSAF technical documents that cover a wide range of security assessment categories, such as wireless LAN security assessments, Windows security assessments, VPN security assessments, and so on. To see a list of these documents, check out the following URL:
https://sourceforge.net/projects/isstf/files/issaf%20document/issaf0.1
Reviewing Key Concepts
This chapter highlights a number of concepts and terminology related to penetration testing that you should be familiar with when preparing for the CompTIA PenTest+ certification exam. Following is a quick review of some of the key points to remember from this chapter:
Two reasons to conduct a penetration test are to better secure the company's assets and to be compliant with the regulations governing your organization.
You can have a penetration test performed by internal staff or by an external third party. If internal staff are used, be sure those conducting the penetration test are not members of the team responsible for managing or configuring the systems being tested.
You should perform a penetration test annually and be sure to test external and internal assets.
You can follow several different strategies when performing a penetration test. You can do an unknown-environment test (black box test), for which the pentester is given no information about the target environment. You can do a known-environment test (white box test), for which the pentester is given all of the information about the environment being tested. Or you can do a partially known-environment test (gray box test), for which limited information is given to the pentester to ensure the test is focused and timely.
A threat actor is someone or something that may perform an attack on your systems or environment.
The OWASP Top 10 document is a listing of the ten most common security flaws found in web applications and is a great resource for pentesters.
The four phases to the CompTIA penetration testing process are: planning and scoping, information gathering and vulnerability identification, attacks and exploits, and reporting and communication.
Prep Test
1. Bob is using nmap to discover ports that are open on the systems. What form of information gathering is Bob performing?
(A) Vulnerability identification
(B) Active information gathering
(C) Vulnerability scanning
(D) Passive information gathering
2. What type of penetration test involves the tester being given no information about the target environment?
(A) Unknown-environment test
(B) Known-environment test
(C) Partially known-environment test
(D) All knowledge test
3. What type of reconnaissance involves the tester querying the DNS to discover the DNS names and IP addresses used by the customer?
(A) Vulnerability identification
(B) Active information gathering
(C) Vulnerability scanning
(D) Passive information gathering
4. Which of the following represents a reason to perform a penetration test annually?
(A) Cost
(B) Time
(C) Compliance
(D) Know-how
5. Lisa performed a penetration test on your organization and is creating the report. What should Lisa be sure to communicate within the report?
(A) How good Lisa is at hacking
(B) Remediation steps
(C) Signed authorization
(D) Resources used
6. Which of the following is critical to perform during the planning and scoping phase of the penetration test?
(A) Port scan
(B) Vulnerability scan
(C) Summary of remediation steps
(D) Obtain written authorization
7. What type of penetration test involves giving the tester only the IP addresses of the servers that you wish to be tested?
(A) Unknown-environment test
(B) Known-environment test
(C) Partially known-environment test
(D) All knowledge test
8. What is the third phase of the CompTIA