CS6262 - Penetration testing Questions and answers
Pentesting Methodology - Correct Answers -Footprinting, Scanning, Enumeration,
Gaining Access, Escalating Privileges, Pilfering, Covering Tracks, Creating Back Doors
Footprinting - Correct Answers -Recon and Information gathering; Target IP discovery;
Namespace acquisition; Network topology
Pilfering - Correct Answers -Gather info to allow access of trusted systems
Covering Tracks - Correct Answers -Once total ownership of the target is secured,
hiding this fact from sysadmins becomes paramount
Creating backdoors - Correct Answers -Trap door will be laid in various parts of the
system to ensure that privilege access is easily regained whenever the intruder decides
Events that trigger a pentest - Correct Answers -Added or modified infrastructure
Added or modified applications
End user policies are changed
Security patches are installed
Scanning - Correct Answers -Find target machine, ports, services (versions & configs);
ID related vulnerabilities and focus on most promising
Enumeration - Correct Answers -ID valid user accounts or poorly protected resource
shares; More intrusive probing than scanning
Gaining Access - Correct Answers -ID a vulnerability of the target from scanning;
Exploit the vuln.
Escalating privileges - Correct Answers -If only user-level access was obtained in the
last step, seek to gain complete control of the system