Which of the following is a penetration test in which the penetration tester is provided with limited or no knowledge of the target's information systems?
A. External Testing
B. Internal Testing
C. Blind Testing
D. Targeted Testing
Correct Answer: C
Explanation:
Blind Testing refers to the condition of testing in which the penetration tester is provided with limited or no knowledge of the target. Such testing is expensive, since the penetration tester has to research the target and profile it based on publicly available information.
For your exam you should know the penetration test types listed below:
External Testing – Refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually from the Internet.
Internal Testing – Refers to attack and control circumvention attempts on the target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise the security of a specific resource on the network.
Blind Testing – Refers to the condition of testing in which the penetration tester is provided with limited or no knowledge of the target’s information systems. Such testing is expensive, since the penetration tester has to research the target and profile it based on publicly available information.
Double Blind Testing – An extension of blind testing in which the administrator and security staff at the target are also not aware of the test. Such testing can effectively evaluate the incident handling and response capability of the target.
Targeted Testing – Refers to attack and control circumvention attempts on the target while both the target’s IT team and the penetration tester are aware of the testing activities. Penetration testers are provided with information related to the target and its network design. Additionally, they are provided with a limited-privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
The following were incorrect answers:
External Testing – Refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually from the Internet.
Internal Testing – Refers to attack and control circumvention attempts on the target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise the security of a specific resource on the network.
Targeted Testing – Refers to attack and control circumvention attempts on the target while both the target’s IT team and the penetration tester are aware of the testing activities. Penetration testers are provided with information related to the target and its network design. Additionally, they are provided with a limited-privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
Reference:
CISA review manual 2014 Page number 369