1
Q
Vulnerability Assessment vs Penetration Test
A
● Vulnerability Assessment
o Credentialed
● Penetration Test
o Non-credentialed
2
Q
Double-Blind Penetration Test
A
Double-Blind Test
▪ Much like the blind test, except the defenders are not informed about when the attack may occur
3
Q
Scope of Work (SOW)
A
▪ Details the tasks to be performed which will include all the rules of
engagement that will be followed
4
Q
Rules of Engagement (ROE)
A
▪ The ground rules both parties must abide by
● Timeline
● Location
● Time restrictions
● Transparency
● Boundaries
● Test Invasiveness
5
Q
Software Composition Analysis
A
▪ The assessor inspects the source code to try to identify any open source component
CASP+
flashcards
Decks in class (26)
# Cards
-
Section 2: Data Considerations4
-
Section 3: Risk Management4
-
Section 4: Policies and Frameworks12
-
Section 6: Risk Strategies2
-
Section 8: Securing Networks20
-
Section 11: Cloud and Virtualization2
-
Section 12: Software Applications3
-
Section 13: Data Security4
-
Section 14: Authentication and Authorization7
-
Section 15: Cryptography1
-
Section 16: Emerging Technology2
-
Section 17: Enterprise Mobility4
-
Section 18: Endpoint Security Controls6
-
Section 19: Cloud Technologies4
-
Section 20: Operational Technologies7
-
Section 21: Hashing and Symmetric Algorithms4
-
Section 22: Asymmetric Algorithms2
-
Section 23: Public Key Infrastructure12
-
Section 24: Threat and Vulnerability Management5
-
Section 25: Vulnerability Management5
-
Section 26: Risk Reduction5
-
Section 27: Analyzing Vulnerabilities14
-
Section 28: Attacking Vulnerabilities11
-
Section 29: Indicators of Compromise6
-
Section 31: Digital Forensics4
-
Section 32: Digital Forensic Tools22
