There are several types of penetration tests depending upon the scope, objective and nature of a test. Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?
A. External Testing
B. Internal Testing
C. Blind Testing
D. Targeted Testing
A. External Testing
B. Internal Testing
C. Blind Testing
D. Targeted Testing
Correct Answer: A
Explanation:
Explanation:
External testing refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually the Internet.
For the CISA exam you should know penetration test types listed below:
External Testing -Refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually the Internet
Internal Testing – Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.
Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target’s information systems. Such testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.
Double Blind Testing -It is an extension of blind testing, since the administrator and security staff at the target are also not aware of test. Such a testing can effectively evaluate the incident handling and response capability of the target and how well managed the environment is.
Targeted Testing – Refers to attack and control circumvention attempts on the target, while both the target’s IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design.
Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
The following were incorrect answers:
Internal Testing – Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.
Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target’s information systems. Such a testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.
Targeted Testing – Refers to attack and control circumvention attempts on the target, while both the target’s IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design.
Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
Reference:
CISA review manual 2014 Page number 369
External testing refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually the Internet.
For the CISA exam you should know penetration test types listed below:
External Testing -Refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually the Internet
Internal Testing – Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.
Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target’s information systems. Such testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.
Double Blind Testing -It is an extension of blind testing, since the administrator and security staff at the target are also not aware of test. Such a testing can effectively evaluate the incident handling and response capability of the target and how well managed the environment is.
Targeted Testing – Refers to attack and control circumvention attempts on the target, while both the target’s IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design.
Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
The following were incorrect answers:
Internal Testing – Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.
Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target’s information systems. Such a testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.
Targeted Testing – Refers to attack and control circumvention attempts on the target, while both the target’s IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design.
Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
Reference:
CISA review manual 2014 Page number 369