CS-239 > Offensive Cyber Security Testing > Flashcards

Offensive Cyber Security Testing Flashcards

(9 cards)

Study These Flashcards
1
Q

Cyber security risk

A

Cyber Security Risk = f(Threat, Vulnerability, Impact)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

high-level penetration testing process

A
  • Scoping
  • Cyber attack
  • Reporting
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Scoping

A

The main aim of penetration test is to find all vulnerabilities within a given scope.

Before proceeding with any hacking, the cyber security organisation and their client must
both be clear on:
* What is going to be tested

  • How it is going to be tested
  • When it is going to be tested
  • Why it is going to be tested
  • Where it is going to be tested
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cyber attack

A

Techniques and methodology depend highly on the outcome of scoping

It may be based on a particular technology, against a target of limited scope, or exclude pertinent techniques

Target may be infrastructure (servers, services, etc.), a website, a mobile app,
hardware, a physical building, or a person

Certain techniques may be prioritised based on the goal of the test

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Reporting

A

The value of a penetration test is all in the report

Recipient of the penetration test report can be anyone from business owner (non-specialist) to technical staff who have to implement the recommended changes (specialist)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The types of offensive security testing

A
  • Vulnerability scanning
  • Penetration testing
  • Red teaming
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Vulnerability scanning

A
  • Automated tooling to identify all possible vulnerabilities by service versions, within a given scope
  • Does not verify vulnerabilities by exploiting them
  • Conducted frequently by any size organisation to manage vulnerabilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Penetration testing

A
  • Manual process to identify and exploit all possible vulnerabilities, within a given scope
  • Verifies vulnerabilities by exploiting them
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Red teaming

A
  • Simulate a highly capable adversary conducting an advanced attack on an organisation
  • Aim is to test an organisation’s response and recovery to a cyber attack rather than find vulnerabilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
CS-239
flashcards
Decks in class (9)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions