PrepAway - Latest Free Exam Questions & Answers

Which of the following is a penetration testing method?


A. Searching the WHOIS database for administrator contact information

B. Running a port scanner against the target’s network

C. War driving from a target’s parking lot to footprint the wireless network

D. Calling the target’s helpdesk, requesting a password reset

Explanation:
A penetration test is a proactive and authorized attempt to evaluate the security of an IT
infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and
application flaws, improper configurations, and even risky end-user behavior. Such assessments
are also useful in validating the efficacy of defensive mechanisms, as well as end-users’
adherence to security policies.
Penetration testing evaluates an organization’s ability to protect its networks, applications,
endpoints and users from external or internal attempts to circumvent its security controls to gain
unauthorized or privileged access to protected assets. Test results validate the risk posed by
specific security vulnerabilities or flawed processes, enabling IT management and security
professionals to prioritize remediation efforts. By embracing more frequent and comprehensive
penetration testing, organizations can more effectively anticipate emerging security risks and
prevent unauthorized access to critical systems and valuable information.
Penetration tests are not always technically clever attempts to access a network. If the
target’s helpdesk resets a password on request without requiring proof that the caller is
authorized to request a password change, the tester can easily gain access to the
network.

One Comment on “Which of the following is a penetration testing method?”

  1. meac says:

    To my mind, this is a bit of a trick question

    Let’s take a look at types of Penetration Testing Execution Standard (PTES)
    PTES defines penetration testing as 7 phases.
    • Pre-engagement Interactions
    • Intelligence Gathering
    • Threat Modeling
    • Vulnerability Analysis
    • Exploitation
    • Post Exploitation
    • Reporting

    First, let’s eliminate the incorrect answers:

    A. Searching the WHOIS database for administrator contact information.
    The Whois database is a publicly accessible database containing the owner’s details and contact person of every domain name as well as the name server data. When registering a domain name, your data will be registered in the Whois database.
    I do not think that a Pen Tester actually cares who the registered administrator in a whois database is, and that information is actually irrelevant for Pen Testing.

    C. War driving from a target’s parking lot to footprint the wireless network.
    War driving by definition is a form of attack. It can be used during a Pen-Test but it is not a pen-test methodology per se.
    War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere.
    Nowhere in the question has it said that we are talking about a wi-fi connection in here.

    So this really is a tossup between B & D

    Now for a possible answer:
    B. Running a port scanner against the target’s network
    That sounds plausible. Yet, is this considered to be Pen-Testing or Vulnerability Scanning? This is in fact a vulnerability scan. A vulnerability scan (or even a vulnerability assessment) looks for known vulnerabilities in your systems and reports potential exposures. A penetration test is designed to actually exploit weaknesses in the architecture of your systems. … This is not to sell vulnerability scans short.
    Having said that, and in order to play the devil’s advocate: port scanning can be used for “Vulnerability Analysis” in Pen-Testing.

    So the BEST answer is still D. Calling the target’s helpdesk, requesting a password reset



