29 Jan
Practice Test Question: Penetration Testing Techniques
Alan is conducting a penetration test and gains access to an application server. During his attack, he creates a new administrative account on the server that he can use to access the system through its standard user interface.
What testing goal is Alan hoping to achieve with this action?
C. Lateral Movement
Correct Answer: D
Alan is providing himself with a way to access the system at a later date through alternative channels. This is an example of persistence, allowing his access to the system to remain intact even if the original vulnerability he exploited is later patched. Pivoting and lateral movement are techniques where the attacker gains access to one system and then uses that access to gain access to other systems. That’s not what’s happening here. Finally, cleanup occurs when the attacker removes traces of their presence from the network. That hasn’t yet happened in this scenario.