Final Exam: Penetration Tester

WHAT YOU WILL LEARN

• 

  Compare vulnerability to penetration testing and describe the function of each
  

  describe cryptography and its four goals
  

  identify how to translate penetration testing results into a formalized report that can be used for the end-user awareness program
  

  describe various complex security controls and how they are implemented, including industrial and government security controls and baselines
  

  recognize wireless security technologies such as wep, wpa/2/3, and the vulnerabilities they have that could be exploited
  

  capture and analyze network traffic using wireshark
  

  recognize the built-in sniffing capabilities of wi-fi used for penetration testing
  

  describe penetration testing tools that are used by professional hackers
  

  differentiate between malware types and recognize some of the consequences of using targeted malware
  

  describe the steps necessary to implement a physical penetration testing program and the phases of penetration testing
  

  describe what should be documented during a penetration test and why it is important
  

  describe the different categories of findings
  

  describe active information gathering along with methods and techniques for collecting information
  

  describe the cis critical security controls and how they are implemented
  

  step through the process to perform rough ap analysis
  

  identify the role of human error in causing data breaches
  

  describe the common types of penetration and the importance of testing each type
  

  describe defensive and quick win controls for the major control types, how they are compromised, and steps for root cause analysis
  

  investigate security controls when one fails and describe how to mitigate the outcome
  

  identify the business need to provide wi-fi access for internal employees and external partners and recognize the categories of wireless threats that can compromise networks
  

  identify the vulnerabilities and processes used to undermine an unsecured wi-fi hotspot
  

  recognize how to choose a password cracking technique
  

  describe how to assess security controls, including establishing security metrics for risk management framework and reporting
  

  differentiate between symmetric and asymmetric cryptography
  

  describe passive information gathering and methods for collecting information
  

  describe the processes used to undermine a wi-fi client's vulnerabilities
  

  describe common client-side attacks such as cross-site scripting attacks and methods to help prevent them
  

  describe the importance of physical penetration testing and why organizations must perform penetration testing
  

  describe how to protect sensitive data with security testing and the five penetration testing rules of engagement
  

  describe the rules of engagement and how they are used
• 

  differentiate between scanning and enumeration
  

  recognize social engineering attacks, and how to they relate to penetration testing
  

  describe user privilege escalation and methods that can be used to protect your system from security attacks
  

  identify penetration testing types and describe their reliance on end-user behavior
  

  outline the steps used to perform a denial of service attack against a wireless network
  

  describe how to find a vulnerability using scanners and other techniques
  

  describe the purpose and results of dumpster diving and how to protect against this form of attack
  

  identify how to recognize and prevent tailgating and recognize the risks that it exposes
  

  describe the importance of working with management to conduct further testing after recommendations are implemented
  

  describe the goals of social engineering penetration tests
  

  describe tips and tricks for preventing social engineering attacks
  

  describe security controls in relation to the overall nist cybersecurity framework and how security controls are relevant in secops
  

  describe the importance of setting stopping points and when to stop a penetration test
  

  describe the role of end-user awareness in preventing cybersecurity attacks and during penetration testing
  

  describe when to use security controls and how they are enforced
  

  describe the cause of buffer overflow and how this exploit can be used for attacks
  

  describe various areas where security controls are commonly used
  

  describe how to perform social engineering penetration testing
  

  describe white box penetration testing and why it may be used
  

  describe common web cyber attacks and countermeasures to prevent these attacks
  

  describe grey box penetration testing and why it may be used
  

  identify different lock pick tools and why lock picking is important in cybersecurity
  

  describe the major security control types and the components of a security control
  

  describe what penetration testing is and why it is important to the organization
  

  describe how to set expectations and why it is important
  

  describe black box penetration testing and why it may be used
  

  identify web application security testing methodologies and the five stages of opsec
  

  identify the types of penetration testing and common terminology
  

  describe the limitations of penetration testing and challenges for organizations
  

  list the vulnerabilities of wep security and identify how they can be exploited