CompTIA® Security+ Exam Notes : Explain Penetration Testing Concepts

1. Threats, Attacks and Vulnerabilities

1.4 Explain penetration testing concepts

Penetration Testing: A method of evaluating security by simulating an attack on a system

Penetration testing can be conducted using various techniques classified by the following terms

Blackbox : In this type of test, the assessor has no knowledge of the inner workings of the system or the source code. The assessor tests the application only through its exposed functionality.

Whitebox : In this type of test, the assessor has knowledge of the inner workings of the system, the source code, or both.

Graybox : This type of test combines white box and black box techniques. The tester has some limited knowledge of the inner workings.

Vulnerability scanning can be done in either a credentialed or non-credentialed manner. The difference is that a credentialed vulnerability scan uses actual network credentials to connect to systems and scan for vulnerabilities. Non-credentialed scans are very useful tools that provide a quick view of vulnerabilities by only looking at network services exposed by the host.

Vulnerability Scanning: A vulnerability scanner can execute intrusive or non-intrusive tests. An intrusive test tries to exercise the vulnerability, which can crash or alter the remote target. A non-intrusive test tries not to cause any harm to the target. A crash or degradation of the service is only a side effect of an intrusive test, not a goal.

Passive reconnaissance: It is the process of collecting information about an intended target without the target knowing what is occurring. Typical passive reconnaissance can include physical observation of an enterprise's building, sorting through discarded computer equipment in an attempt to find equipment that contains data or discarded paper with usernames and passwords, eavesdropping on employee conversations, etc.

Active reconnaissance: The process of collecting information about an intended target of a malicious hack by probing the target system directly. Active reconnaissance typically involves port scanning in order to find weaknesses in the target system. Once the hacker has found a way to access the system, the process of exploiting it can be carried out. Tools such as port scans, traceroute information, and network mapping are used to find weaknesses in the target system.

Pivot: The attacker starts by sending a phishing email from outside of the organization. Once he has gained access to the victim's machine, he gathers information and then uses it to appear as a normal user on the network while moving toward the real target. He jumps from one compromised host to another, using each earlier victim as a pivot to reach the real target.
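The two behaviours described above leave distinct traces in connection logs: active reconnaissance shows one source touching many ports on a single host, while pivoting shows one internal host fanning out to many other internal hosts on remote-administration ports. The following detection logic is an added example and is not part of the original cram notes; the log format, the address ranges and the thresholds are constructed assumptions, and the sample records are made up.

```python
"""Detect port-scan style reconnaissance and pivot-style lateral movement
in constructed firewall connection records.  Added example; the record
format "HH:MM:SS src dst dport", the 10.0.0.0/8 internal range and the
thresholds are all assumptions, not values from the original notes."""
from collections import defaultdict
import ipaddress

# Constructed sample log: one external host probing many ports on 192.0.2.10,
# then one internal host (10.0.0.21) reaching many internal peers over SMB/RDP.
SAMPLE_LOG = """\
10:00:01 203.0.113.5 192.0.2.10 22
10:00:01 203.0.113.5 192.0.2.10 23
10:00:01 203.0.113.5 192.0.2.10 25
10:00:02 203.0.113.5 192.0.2.10 80
10:00:02 203.0.113.5 192.0.2.10 110
10:00:02 203.0.113.5 192.0.2.10 143
10:00:03 203.0.113.5 192.0.2.10 443
10:00:03 203.0.113.5 192.0.2.10 445
10:00:03 203.0.113.5 192.0.2.10 3389
10:00:04 203.0.113.5 192.0.2.10 8080
10:00:04 203.0.113.5 192.0.2.10 8443
10:05:00 10.0.0.21 10.0.0.5 445
10:05:03 10.0.0.21 10.0.0.6 445
10:05:07 10.0.0.21 10.0.0.7 445
10:05:09 10.0.0.21 10.0.0.8 3389
10:05:12 10.0.0.21 10.0.0.9 445
10:05:15 10.0.0.21 10.0.0.10 445
10:06:00 10.0.0.40 10.0.0.5 443
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")           # assumed internal range
LATERAL_PORTS = {22, 445, 3389, 5985, 5986}                  # SSH, SMB, RDP, WinRM


def parse_log(text):
    """Turn raw records into (src, dst, dport) tuples, skipping blank lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, src, dst, dport = parts
        records.append((src, dst, int(dport)))
    return records


def detect_port_scans(records, min_ports=10):
    """A (src, dst) pair that touches at least min_ports distinct ports is
    flagged as reconnaissance.  Returns sorted (src, dst, port_count)."""
    ports = defaultdict(set)
    for src, dst, dport in records:
        ports[(src, dst)].add(dport)
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items()
                  if len(p) >= min_ports)


def detect_pivots(records, min_hosts=5):
    """An internal source reaching at least min_hosts distinct internal hosts
    on remote-administration ports is flagged as a possible pivot.
    Returns sorted (src, host_count)."""
    peers = defaultdict(set)
    for src, dst, dport in records:
        if dport not in LATERAL_PORTS:
            continue
        if (ipaddress.ip_address(src) in INTERNAL_NET
                and ipaddress.ip_address(dst) in INTERNAL_NET):
            peers[src].add(dst)
    return sorted((src, len(h)) for src, h in peers.items() if len(h) >= min_hosts)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("port scans:", detect_port_scans(recs))   # -> [('203.0.113.5', '192.0.2.10', 11)]
    print("pivots:", detect_pivots(recs))           # -> [('10.0.0.21', 6)]
```

The thresholds are deliberately simple; in a real deployment they would be tuned per environment and combined with a time window, because a legitimate management server also reaches many hosts on port 445 and would otherwise trigger the pivot rule.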

Persistence: In persistence, the attacker does not limit the attack to a short window of time. Instead, they watch and wait, looking for an opening to strike the target system. When one presents itself, they penetrate the victim's system. Afterwards, the attacker continues to monitor the target network for further vulnerabilities.


When conducting a penetration test on a company network, it is important that the network administrator obtain permission from the manager or owner so that he is not blamed for any suspicious activity. The activity of the technician or network admin should be consistent with the company security policy.
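In practice, the permission is written down as a scope (authorised address ranges, explicit exclusions, and an agreed testing window), and tooling should refuse to touch anything outside it. The following check is an added example that is not part of the original notes; the scope values, the exclusion and the time window are constructed placeholders standing in for what a signed authorisation would contain.

```python
"""Scope check against a written authorisation before any probe is launched.
Added example; AUTHORISED, EXCLUDED and the testing window are constructed
placeholder values, not from the original notes."""
import ipaddress
from datetime import datetime, time

# Constructed scope: in practice these come from the signed rules of engagement.
AUTHORISED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
EXCLUDED = [ipaddress.ip_network("192.0.2.10/32")]      # e.g. a fragile production host
WINDOW_START, WINDOW_END = time(22, 0), time(6, 0)        # overnight window, local time


def in_window(now):
    """True when the clock time of `now` lies inside the agreed window,
    handling a window that crosses midnight."""
    t = now.time()
    if WINDOW_START <= WINDOW_END:
        return WINDOW_START <= t < WINDOW_END
    return t >= WINDOW_START or t < WINDOW_END


def check_target(target, now):
    """Return (allowed, reason) for a single address.  Exclusions are tested
    after the authorised ranges so an excluded host inside scope is reported
    as excluded rather than merely out of scope."""
    addr = ipaddress.ip_address(target)
    if not any(addr in net for net in AUTHORISED):
        return False, "out of scope"
    if any(addr in net for net in EXCLUDED):
        return False, "explicitly excluded"
    if not in_window(now):
        return False, "outside testing window"
    return True, "authorised"


def filter_targets(targets, now):
    """Split a candidate list into the addresses that may be tested now and
    a record of why each refused address was refused (for the engagement log)."""
    allowed, refused = [], {}
    for t in targets:
        ok, reason = check_target(t, now)
        if ok:
            allowed.append(t)
        else:
            refused[t] = reason
    return allowed, refused


if __name__ == "__main__":
    candidates = ["192.0.2.55", "192.0.2.10", "198.51.100.200", "203.0.113.9"]
    print(filter_targets(candidates, datetime(2024, 1, 1, 23, 0)))
```

Keeping the refusal reasons is the useful part for the administrator: the engagement log then shows that every address outside the written scope was recognised and skipped, which is the evidence that the activity stayed consistent with the policy.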
