Penetration Testing
Acronyms
Training and Exercises
Risk Evaluations
RANDOM
100

First step in a pen test

What is documenting information about a target system or device?

100

CIA

What is Confidentiality, Integrity, Availability?

100

A team that acts as the attacking force.

What is Red team?

100

Categories of risks (DAILY DOUBLE)

What are High, medium, and low?

100

Most popular social media site/app

What is Facebook?

200

Type of test in which a testing team is provided with limited knowledge of the network systems and devices

What is a Blind test?

200

NIST

What is the National Institute of Standards and Technology?

200

Acts as the network defense team

What is the blue team?

200

Policies, procedures, and work practices that help or prevent a threat or make a threat more likely.

What are operational controls?

200

Kanye West's real name

Who is Kanye West?

300

Rules that define how penetration testing should occur (DAILY DOUBLE)

What are rules of engagement?

300

OWASP

What is the Open Web Application Security Project, a non-profit organization that focuses on secure web application development?

300

Group of technicians who referee the encounter between the red team and the blue team.

What is the White team?

300

Controls implemented with technology, including items such as firewalls, access lists, permissions on files or folders, and devices that identify and prevent threats.

What are technical controls?

300

He is an average kid that no one understands. (pink hat)

Who is Timmy Turner?

400

A testing team that is provided no knowledge regarding an organization's network; also known as closed, or black box, testing.

What is a Zero-Knowledge test?

400

ARO

What is the annual rate of occurrence, how many times per year a given loss is expected to occur?

400

Places malware where it is safe to probe it and play with it

Sandboxing

400

Considered in addition to the impact of the event when performing qualitative risk evaluation.

What is Likelihood?

400

The creator of Amazon.

Who is Jeff Bezos?

500

Testing team provided with public knowledge regarding the organization's network.

What is a Partial-Knowledge test?

500

PII 

What is personally identifiable information, which uniquely identifies an individual, such as address, phone number, email, date of birth, etc.?

500

Taking a large document or file and, with the use of a hashing algorithm, reducing it to a character string that can be used to verify the integrity of the file.

What is Hashing?

500

Helps prioritize the application of resources to the most critical vulnerabilities

What is a risk assessment matrix?

500

Someone in this LC who is afraid of frogs

Who is Cameron?
