1. List five steps of the hacking process? 1— 2—Scanning 3—Gaining Access 4—Maintaining Access 5—Covering Tracks
2. In order to exploit or attacks the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?
I would do some reconnaissance such as look tough the trash for info on the network. This would allow me to gather information such as password and user names that may grant me access to their network.
3. What applications and tools can be used to perform this initial reconnaissance and probing steps? Google is a major tool in most hacker’s initial first step. ...view middle of the document...
As a security professional, you have been asked to perform an intrusive penetration test which involves cracking into the organization’s WLAN for a company. While performing this task, you are able to retrieve the authentication key. Should you use this and continue testing, or stop here and report your findings to the client?
Stop here and report it.
9. Which NIST standards document encompasses security testing and penetrating testing?
NIST 800-42 Guideline on Network Security testing
10. According to the NIST document, what are the four phases of penetration testing?
Planning - Discovery - Attack - Reporting
11. Why would an organization want to conduct an internal penetration test?
Penetration testing is really a form of QA that looks for flaws in network architecture and design, operating system and application configuration, application design, and even human behavior as it relates to security policies and procedures.
12. What constitutes a situation in which a penetration tester should not compromise or access a system as part of a controlled penetration...