Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Answers to the “Do I Know This Already?” Quizzes
1. a. With a black-box penetration test, the tester is provided with only a very limited amount of information. For instance, the tester may only be provided the domain names and IP addresses that are in scope for a particular target. The idea of this type of limitation is to have the tester take the perspective of an external attacker. Typically, an attacker would first determine a target and then begin to gather information about the target, using public information, and gaining more and more information to use in attacks. The tester would not have prior knowledge of the targets’ organization and infrastructure. ...