D484 PENETRATION TESTING COURSE STUDY GUIDE WESTERN GOVERNORS’ UNIVERSITY.

D484 PENETRATION TESTING COURSE STUDY GUIDE WESTERN GOVERNORS’ UNIVERSITY.
1. Administrative
controls
2. Physical controls
3. Technical or logical controls
4. What is the prisecurity measures implemented to monitor the adherence to organizational policies and procedures. Those
include activities such as hiring and termination policies,
employee training along with creating business continuity
and incident response plans.
restrict, detect and monitor access to specific physical areas or assets. Methods include barriers, tokens, biometrics or other controls such as ensuring the server room
doors are properly locked, along with using surveillance
cameras and access cards.
automate protection to prevent unauthorized access or
misuse, and include Access Control Lists (ACL), and
Intrusion Detection System (IDS)/ Intrusion Prevention
System (IPS) signatures and antimalware protection that
are implemented as a system hardware, software, or
firmware solution.
Reduce overall risk by taking proactive steps to reduce
mary goal of Pen- vulnerabilities.
Testing?
5. Principle of
Least Privilege
Basic principle of security stating that something should
be allocated the minimum necessary rights, privileges, or
information to perform its role.
6. Risk Likelihood and impact (or consequence) of a threat actor
exercising a vulnerability.
7. Threat represents something such as malware or a natural disaster, that can accidentally or intentionally exploit a vulnerability and cause undesirable results.
8. Vulnerability is a weakness or flaw, such as a software bug, system
flaw, or human error. A vulnerability can be exploited by a
threat
9. Risk Analysis is a security process used to assess risk damages that
can affect an organization.