Task 2 — Penetration Testing Ethics
Q1. You are given permission to perform a security audit on an organisation; what type of hacker would you be?
Answer: White Hat
Q2. You attack an organisation and steal their data; what type of hacker would you be?
Answer: Black Hat
Q3. What document defines how a penetration testing engagement should be carried out?
Answer: Rules of Engagement
Task 3 — Penetration Testing Methodologies
Q1. What stage of penetration testing involves using publicly available information?
Answer: Information Gathering
Q2. If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
Answer: OSSTMM
Q3. What framework focuses on the testing of web applications?
Answer: OWASP
Task 4 — Black box, White box, Grey box Penetration Testing
Q1. You are asked to test an application but are not given access to its source code — what testing process is this?
Answer: Black Box
Q2. You are asked to test a website, and you are given access to the source code — what testing process is this?
Answer: White Box
Task 5 — Practical: ACME Penetration Test
Q1. Complete the penetration test engagement against ACME’s infrastructure.
Step 1. Read each stage and click Next until you reach “3. Enumeration & Scanning”.
Step 2. In the text box, enter the IP address obtained during Information Gathering and click “Scan Target”.
Step 3. Read through and understand the remaining stages until you reach the last step, “7. Pentest Report & Clearing-up”.
Answer: THM{PENTEST_COMPLETE}