Meta Back-End Developer-Penetration Testing Latest updated solved 100%

Penetration Testing - ANSWER (Pentesting) involves simulating attacks to assess the risk associated with potential security breaches. Testers discover and exploit vulnerabilities where possible to assess what attackers might gain after a successful exploitation. Zero-day - ANSWER A vulnerability unpatched by software publishers Social-engineering - ANSWER In the context of information security, refers to the psychological manipulation of people into performing actions divulging confidential information. For the purpose of information gathering, fraud, or system access. Ex. Phishing Internal Penetration Test - ANSWER Insider, malicious employee or attacker who has already breached the perimeter External Penetration Test - ANSWER Simulate an attack via the Internet Pre-engagement Phase - ANSWER Pentesting begins with this, involves talking to the client about their goals for the pentest, mapping out the scope (extent and parameters of the test) and so on. Information-gathering Phase - ANSWER The pentester searches for publicly available information about the client and identifies potential ways to connect to its systems Threat-modeling Phase - ANSWER The tester uses information from the previous phase to determine the value of each finding and the impact to the client if the finding permitted an attacker to break into a system. Allows development of action plan and methods of attack Vulnerability Modeling - ANSWER Done before attacking systems, attempts to discover vulnerabilities in the system that can be taken advantage of in the exploitation phase Post-exploitation Phase - ANSWER The result of the exploitation is leveraged to find additional information, sensitive data, access to other systems and so on Reporting Phase - ANSWER The pentester summarizes the findings for both the executives and technical practitioners Proprietary software - ANSWER Closed source software. Computer science software licensed under exclusive legal right of the copyright holder with the intent that the licensee is given the right to use the software only under certain conditions and