1
Q
Credentialed vs Non-Credentialed (Vulnerability Scan)
A
Credentialed * scanner uses an authorized user or admin account * closer to system admin perspective * deeper scan, more vulnerabilities Non Credentialed * scanner without admin account * closer to hacker perspective
2
Q
Discovery Scan (Vulnerability Scan)
A
- least intrusive (like ping sweep)
* used to create entwork map to show connected devices in architecture
3
Q
Full Scan (Vulnerability Scan)
A
- in depth scan including port, services and vulnerabilities
* easy to see in network traffic when performed
4
Q
Stealth Scan (Vulnerability Scan)
A
- scans by sending SYN packet and then analyzing the response
- if SYN/ACK is received, destination is trying to establish the connection (port is open) and scanner sends RST packet
5
Q
Compliance Scan (Vulnerability Scan)
A
- identify vulnerabilities that may affect compliance with regulations
- commonly setup as a scanning template in vulnerability scanner (like PCI DSS)
CompTIA PenTest+
flashcards
Decks in class (30)
# Cards
-
PenTest Methodologies3
-
Rules of Engagement5
-
White Box Support Resources8
-
Types of Assessments6
-
Open Source Intelligence (OSINT7
-
Vulnerability Scans5
-
Common Attack Techniques7
-
Physical Security Attacks7
-
Network Based Vulnerabilities18
-
Wireless Based Vulnerabilities10
-
Application Based Vulnerabilities12
-
Privilege Escalation (Linux)4
-
Privilege Escalation (Windows)11
-
Privilege Escalation (General)7
-
Lateral Movement9
-
Persistence5
-
Covering Your Tracks4
-
Use Cases For Tools11
-
Scanning Tools5
-
Credential Testing Tools10
-
Debugging Tools5
-
Software Assurance Tools5
-
OSINT Tools8
-
Wireless Tools4
-
Web Proxy Tools2
-
Social Engineering Tools2
-
Remote Access Tools4
-
Networking Tools2
-
Mobile Tools3
-
Miscellaneous Tools6
