Which stages are mentioned as part of the testing process?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which stages are mentioned as part of the testing process?

Explanation:
The concept being tested is the typical sequence of actions in a penetration testing engagement: recon, scanning, then exploitation. Recon involves gathering information about the target to understand its footprint and potential attack surfaces. Scanning follows to identify live hosts, open ports, services, and possible vulnerabilities. Exploitation is the step where you attempt to leverage those vulnerabilities to gain access or demonstrate risk. This progression—recon, scanning, exploitation—describes a common, realistic workflow in many test methodologies, which is why that option is the best fit.

The alternative that includes Planning, Execution, Review leans more toward project or engagement management than toward the concrete testing steps. The option with Scanning only is incomplete, since it doesn’t cover an end-to-end testing sequence. The option that lists Recon, Exploitation, Scanning reverses the usual order, since exploitation typically comes after scanning.
