CompTIA Security+ SY0-601 - 1.8 Nyberg Study Guide

Penetration Testing (PenTest) - A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers. White Box Testing - Testing based on an analysis of the internal structure of the component or system. Black Box Testing - Testing, either functional or non-functional, without reference to the internal structure of the component or system. Gray Box Testing - Security testing that is based on limited knowledge of an application's design. Rules of engagement (ROE) - The rules that govern what is allowed and not allowed during a pentest. Lateral movement - Moving from one similar system to another. Privilege escalation - An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. Persistence - The ability of the attacker to maintain a presence over time. Cleanup - Covering tracks through deletion of logs. Bug Bounty - Vendors will pay to have vulnerabilities and exploits discovered in their software. Pivoting - Shifting an attack from one system or technique to another. UAV/Drone - An unmanned aerial vehicle often used for surveillance operations. War flying - The use of drones/UAV or other aerial transport to detect WIFI networks and vulnerabilities. war driving - Searching for wireless signals from an automobile or on foot using a portable computing device. Footprinting - The process of systematically identifying the network and its security posture (usually a passive process).