MODULE 01: INTRODUCTION TO PENETRATION TESTING
TABLE OF CONTENTS
Review Questions
Activities
Case Projects
REVIEW QUESTIONS
1. What are two other terms for penetration testing?
a. Vulnerability testing
b. Pen testing
c. Ethical hacking
d. Blue teaming
Answer: b, c
Penetration testing is also known as pen testing or ethical hacking and is an authorized series of
security-related, non-malicious "attacks" on targets such as computing devices, applications, or an
organization's physical resources and personnel.
2. The purpose of pen testing is to discover vulnerabilities in targets so that these vulnerabilities can be
eliminated or mitigated.
a. True
b. False
Answer: a
The purpose of pen testing is to discover vulnerabilities in targets so that the vulnerabilities can be
eliminated or mitigated before a threat actor with malicious intent exploits them to cause damage to
systems, data, and the organization that owns them.
3. Pen testing should be performed under which of the following circumstances? Choose all that apply.
a. A new computer system has been installed.
b. A new software system or an update to a software system has been installed.
c. Following a regular schedule to make sure no unknown changes have impacted security.
d. Performed as dictated by compliance standards such as PCI DSS.
Answer: a, b, c, d