An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
question says " simulates the malicious actions of a former network administrator" . If they wanted to simulate the actions of this network administrator who has all the knoledge about the infrastrucure , then we have to perform White box testing .
If a black-box tester is examining a system from an outsider’s perspective, a gray-box tester has the access and knowledge levels of a user, potentially with elevated privileges on a system. Gray-box pentesters typically have some knowledge of a network’s internals, potentially including design and architecture documentation and an account internal to the network.
https://resources.infosecinstitute.com/topic/what-are-black-box-grey-box-and-white-box-penetration-testing/
C. Grey box.
Here's why:
A grey box penetration test simulates an attack where the tester has some knowledge of the target system's internal workings, similar to a former employee. This knowledge might include things like network diagrams, system configurations, or even some credentials. This level of access is precisely what's needed to simulate a malicious former administrator.
I guess the question is how long ago was he "former" because if it's just yesterday, then it's highly possible that the architecture hasn't changed much, has it? I hope that actual exam doesn't have too much of these type of vague context questions.
White box: White box testing (also known as clear box, open box, or glass box testing) involves complete knowledge of the system, including internal structures, configurations, and source code. This type of testing is most suitable for simulating the actions of a former network administrator because it takes advantage of insider knowledge, which would include detailed information about the network, configurations, and potential vulnerabilities.
Also
Grey box: Grey box testing involves having partial knowledge of the internal workings of the system. The tester has limited knowledge of the environment and uses both external and some internal perspectives to conduct the test. While it can be useful, it does not fully simulate the insider knowledge that a former network administrator would have.
#Shadtech
It makes more sense to go with D. White box as opposed to Grey box. The assumption should be that since he is a former employee, he should know everything within the network. Even if things have changed since the former employee left, it's still a best practice to assume that they know more.
Assuming the system has changed, C. Grey box is "OK". However, if there are no changes since the administrator left, a white box test would provide more information to the tester, so that easier to find vulnerabilities, and the result will be more valid.
From the CISSP Official Study Guide - "White-Box Penetration Test Provides the attackers with detailed information about the systems they target. This bypasses many of the reconnaissance steps that normally precede attacks, shortening the time of the attack and increasing the likelihood that it will find security flaws. These tests are sometimes called "known environment" tests."
D. White box
A white box penetration test simulates the actions of an internal user or administrator who has knowledge of the internal network and systems, similar to a former network administrator.
D. White box
A White box penetration test simulates the actions of an attacker who has knowledge of the internal structure and operation of the system or network. This type of test is also known as an "internal" test.
It is appropriate in this scenario of simulating the malicious actions of a former network administrator, as this person would have knowledge of the internal structure and operation of the network and may have access to privileged information, like credentials, and the knowledge of weak points in the network.
It allows the organization to identify vulnerabilities that an attacker could potentially exploit, and to evaluate the overall security of their network and systems. -source: openai
Is definitely C, don't tell me a former admin is still maintaining his creds and privileges even after employment or even welcomed into the building to even hook anything into any sort of port. But he might still have knowledge of the entire topology to network which is to his advantage while outside.
"simulates the malicious actions of a former network administrator" <<At the time of the malicious activity, was that not white box? If you are simulating what he did while the NA was employed, they would have had full knowledge of the network.
"former" or "old" administrator. Changes has changed since then
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Loveguitar
Highly Voted 2 years, 5 months agojackdryan
1 year, 9 months agoCoolwater
2 years, 3 months agoCoolwater
2 years, 3 months agordy4u
Highly Voted 2 years, 3 months agoeasyp
Most Recent 2 weeks, 1 day agodeeden
6 months, 2 weeks agoChris
7 months, 2 weeks agoCL8282
10 months, 2 weeks agoSoleandheel
1 year, 2 months agoliebeskind
1 year, 9 months agoRVoigt
2 years agoDee83
2 years agooban
2 years, 1 month agorajkamal0
2 years, 1 month agoMann0302
2 years, 3 months agoMrInfoSys
2 years, 4 months agoRollizo
2 years, 4 months ago