
If you were hired to conduct a strict penetration test for a company how woul


Question

If you were hired to conduct a strict penetration test for a company, how would you answer these briefly?

A. What information do we need to gather in order to conduct our penetration test? (Domain names, server names, Internet service provider information, IP addresses of hosts, number of employees, etc.)

B. What types of scanning will we need to perform? (Network Discovery, Network survey, Network scanning, etc.)

C. What is the general timeframe for performing reconnaissance? (One hour, one day, etc.)

D. What tools will we need to perform these scans? (Nmap, Nessus, etc.)

Explanation / Answer

Ans. 1. We will need information about the network and domain names, the mail servers of the school, IP addresses of the machines running, ISP information, etc.

Ans. 2. We will be doing network scanning; static scanning (inspecting the code of an application to estimate its behaviour); dynamic scanning (testing an application's code when it's running to find vulnerabilities in it); firewall scanning; etc.

Ans. 3. Network reconnaissance is a process to gather vulnerabilities in the victim's system. It is not easy to find a vulnerability, so reconnaissance can go up to days, weeks and even months, depending on the complexity of the system.

On average, it takes 1-2 days to do so.

Ans. 4. The tools to be used are: