Which of the following correctly lists the typical phases of a penetration test in the right order?
Think about the logical order starting from information gathering to final documentation.
The standard penetration testing methodology starts with Reconnaissance (gathering information), then Scanning (identifying vulnerabilities), followed by Gaining Access (exploiting vulnerabilities), Maintaining Access (to simulate persistent threats), and finally Reporting (documenting findings).
What is the main goal of the reconnaissance phase in penetration testing?
Think about what you do before trying to break in.
Reconnaissance is about collecting information such as IP addresses, domain details, and network infrastructure to understand the target better before attempting any attacks.
Why is the maintaining access phase important in penetration testing?
Consider what attackers try to achieve after gaining access.
Maintaining access simulates how an attacker might stay inside a system without being detected, which helps organizations understand risks related to persistent threats.
Which statement best differentiates passive reconnaissance from active reconnaissance in penetration testing?
Think about whether the target knows you are gathering information.
Passive reconnaissance collects data from public sources or third parties without interacting with the target system, while active reconnaissance involves scanning or probing the target directly, which may alert the target.
Why is the reporting phase considered critical in the penetration testing methodology?
Think about the purpose of sharing results with the client.
The reporting phase summarizes all findings, explains risks, and suggests how to fix vulnerabilities. This helps organizations strengthen their defenses based on the test results.