2. In order to exploit or attack the targeted systems, what can you do as a first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?
3. What applications and tools can be used to perform this initial reconnaissance and probing step?
4. How can social engineering be used to gather information or data about the organization’s IT infrastructure?
5. What does the Enumeration step of the five-step hacking process entail and how is it vital to the hacker’s objective?
6. Explain how an attacker will avoid being detected following a successful penetration attack.
7. What method does an attacker use to regain access to an already penetrated system?
8. As a security professional, you have been asked to perform an intrusive penetration test for a company that involves cracking into the organization’s WLAN. While performing this task, you are able to retrieve the authentication key. Should you use this and continue testing, or stop here and report your findings to the client?
9. Which NIST standards document encompasses security testing and penetration testing?
10. According to the NIST document, what are the four phases of penetration testing?
11. Why would an organization want to conduct an internal penetration test?
12. What constitutes a situation in which a penetration tester should not compromise or access a system as part of a controlled test?
13. Why would an organization hire an outside consulting firm to perform an intrusive penetration test without the IT department’s knowledge?
14. How does a web application penetration test differ from a network penetration test?
15. Explain both the information systems security practitioner and hacker perspectives for performing a penetration test.