UNIT 1 LAB 1 DEVELOP AN ATTACK AND PENETRATION TEST PLAN

1. List the five steps of the hacking process.
2. In order to exploit or attack the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?
3. What applications and tools can be used to perform this initial reconnaissance and probing step?
4. How can social engineering be used to gather information or data about the organization’s IT infrastructure?
5. What does the Enumeration step of the five-step hacking process entail and how is it vital to the hacker’s objective?
6. Explain how an attacker will avoid being detected following a successful penetration attack.
7. What method does an attacker use to regain access to an already penetrated system?
8. As a security professional, you have been asked to perform an intrusive penetration test which involves cracking into the organization’s WLAN for a company. While performing this task, you are able to retrieve the authentication key. Should you use this and continue testing, or stop here and report your findings to the client?
9. Which NIST standards document encompasses security testing and penetration testing?
10. According to the NIST document, what are the four phases of penetration testing?
11. Why would an organization want to conduct an internal penetration test?
12. What constitutes a situation in which a penetration tester should not compromise or access a system as part of a controlled test?
13. Why would an organization hire an outside consulting firm to perform an intrusive penetration test without the IT department’s knowledge?
14. How does a web application penetration test differ from a network penetration test?
15. Explain both the information systems security practitioner and hacker perspectives for performing a penetration test.
