COURSE 5 – PENETRATION TESTING, INCIDENT RESPONSE AND FORENSICS
Module 1: Penetration Testing
IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE
Complete Coursera Study Guide
INTRODUCTION – Penetration Testing
In this module, you’ll grasp the significance of comprehending penetration testing, familiarize yourself with its various phases, and explore the assortment of tools accessible for conducting penetration testing.
Learning Objectives
- Discuss the components of a penetration test report’s executive summary and technical review
- Describe commonly exploited vulnerabilities
- Summarize what happens in each step of the attack phase of pentesting
- Describe methods for the discovery phase of pentesting
- Define vulnerability analysis and explain its role in pentesting
- Contrast open box, closed box, and gray box approaches to pentesting
- List directives that pentesters and clients should document in the planning phase of pentesting
- Describe each component of the planning phase of pentesting
- Summarize common approaches to pentesting
- Define pentesting and explain its importance
- Describe industry-leading tools used for pentesting
PLANNING AND DISCOVERY KNOWLEDGE CHECK
1. What type of scan can be conducted to determine what possible exploits exist given the client’s environment?
- Port Scan
- Document Scanning
- Anti-Virus Scan
- Vulnerability Scan (CORRECT)
2. Which three (3) forms of discovery can be conducted offline?
- Packet Sniffing
- Shoulder Surfing (CORRECT)
- Dumpster Diving (CORRECT)
- Social Engineering (CORRECT)
Partially correct!
3. Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery?
- Offline
- Active (CORRECT)
- Passive
- Neutral
4. True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.
- True
- False (CORRECT)
ATTACK AND REPORTING KNOWLEDGE CHECK
1. What level of access is ideal for a penetration tester to achieve in order to exploit a system?
- Standard
- Admin/Root (CORRECT)
- Guest
- Advanced
2. Which of the following is NOT a common type of vulnerability?
- Misconfigurations
- Race Conditions
- Incorrect File and Directory Permissions
- Phishing (CORRECT)
3. Which portion of the pentest report gives a step by step account of how and why each exploit was conducted?
- Executive Summary
- Rules of Engagement
- Recommendations for Remediation
- Technical Review (CORRECT)
PENETRATION TESTING TOOLS
1. Which tool lets you log network traffic and analyze it?
- Nmap
- John the Ripper
- Metasploit
- Wireshark (CORRECT)
2. Which software serves as toolbox, providing access to hundreds of other tools and resources?
- Wireshark
- Hack the Box
- John the Ripper
- Kali Linux (CORRECT)
3. Which tool is used primarily for password cracking?
- Kali Linux
- Nmap
- John the Ripper (CORRECT)
- Metasploit
PENETRATION TEST GRADED QUIZ
1. Which of the following is NOT a phase of a penetration test?
- Discovery
- Attack (CORRECT)
- Reviewing
- Planning
2. In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities?
- Planning
- Discovery
- Attack
- Reporting (CORRECT)
3. Which portion of the pentest report gives a high level detail of how the test went and what goals were accomplished?
- Executive Summary (CORRECT)
- Scope Worksheet
- Technical Report
- Risk Analysis
4. Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system?
- Reporting
- Discovery (CORRECT)
- Exploitation
- Planning
5. What method of gathering information can be used to get information about a website that is not readily available?
- Phishing
- Social Engineering
- Port Scanning (CORRECT)
- Google Dorking
6. Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information?
- Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
- General Data Protection Regulation (GDPR) (CORRECT)
- Health Insurance Portability and Accountability Act (HIPPA) (CORRECT)
- Distributed Denial of Service (DDoS)
7. Guessing passwords or running a password cracking software engages in what type of attack to gain access to a system?
- Brute Force (CORRECT)
- Hash
- Passive Agressive
- Persistent
8. What document would protect the privacy of your client and their customers?
- Rules of Engagement (RoE)
- Scope Worksheet
- Non Disclosure Agreement (NDA) (CORRECT)
- Press Release
9. Gaining access to a system can occur in which two phases?
- Planning and Discovery
- Discovery and Reporting
- Discovery and Attack (CORRECT)
- Planning and Attack
10. Conducting a pentest as if you were an external hacker with no resources is known as what type of test?
- Grey Box
- Red Hat
- White Box
- Black Box (CORRECT)
CONCLUSION – Penetration Testing
To conclude, this module has provided a comprehensive understanding of penetration testing, covering its importance, phases, and the array of tools at your disposal. Armed with this knowledge, you’re better equipped to assess and enhance the security posture of your systems and networks.
Subscribe to our site
Get new content delivered directly to your inbox.
Quiztudy Top Courses
Popular in Coursera
- Google Advanced Data Analytics
- Google Cybersecurity Professional Certificate
- Meta Marketing Analytics Professional Certificate
- Google Digital Marketing & E-commerce Professional Certificate
- Google UX Design Professional Certificate
- Meta Social Media Marketing Professional Certificate
- Google Project Management Professional Certificate
- Meta Front-End Developer Professional Certificate
Liking our content? Then, don’t forget to ad us to your BOOKMARKS so you can find us easily!
