Domain 6 Security Assessment and Testing

Inhoud verberg
1 πŸ”‘ 1. Key Concepts
2 πŸ“– 2. Deep Dive (Expanded)
2.1 πŸ”Ή Security Assessment vs Testing
2.2 πŸ”Ή Vulnerability Assessment vs Penetration Testing
2.2.1 Vulnerability Assessment
2.2.2 Penetration Testing
2.3 πŸ”Ή Testing Approaches
2.3.1 Black Box
2.3.2 White Box
2.3.3 Gray Box
2.4 πŸ”Ή Security Audits
2.4.1 Types:
2.5 πŸ”Ή Log Management & Monitoring
2.5.1 Examples:
2.5.2 Key concepts:
2.6 πŸ”Ή Continuous Monitoring
2.7 πŸ”Ή Metrics & KPIs
2.7.1 Examples:
2.8 πŸ”Ή Testing Controls
2.9 πŸ”Ή Compliance Validation
3 🧠 3. Manager Mindset
4 ❓ 4. Practice Questions
4.1 1
4.2 2
4.3 3
4.4 4
4.5 5
4.6 6
4.7 7
4.8 8
4.9 9
4.10 10
4.11 11
4.12 12
4.13 13
4.14 14
4.15 15
4.16 16
4.17 17
4.18 18
4.19 19
4.20 20
5 βœ… 5. Answers + Reasoning
5.1 1
5.2 2
5.3 3
5.4 4
5.5 5
5.6 6
5.7 7
5.8 8
5.9 9
5.10 10
5.11 11
5.12 12
5.13 13
5.14 14
5.15 15
5.16 16
5.17 17
5.18 18
5.19 19
5.20 20
6 ⚠️ 6. Exam Traps
7 πŸ”„ 7. Flash Review
8 πŸ“Š 8. Score

πŸ”‘ 1. Key Concepts

  • Security Testing Strategies
  • Vulnerability Assessment vs Penetration Testing
  • Security Audits
  • Log Management & Monitoring
  • Key Performance Indicators (KPI) & Metrics
  • Testing Types (Black, White, Gray Box)
  • Continuous Monitoring
  • Compliance Validation

πŸ“– 2. Deep Dive (Expanded)

πŸ”Ή Security Assessment vs Testing

These are often confused but serve different purposes:

  • Security Assessment
    • Evaluates overall security posture
    • Reviews policies, procedures, and controls
  • Security Testing
    • Actively tests systems for weaknesses
    • Includes technical validation

Why it matters:
Assessment = broad view
Testing = technical validation

πŸ”Ή Vulnerability Assessment vs Penetration Testing

Vulnerability Assessment

  • Identifies known weaknesses
  • Automated tools
  • No exploitation

Penetration Testing

  • Simulates real attack
  • Attempts to exploit vulnerabilities
  • Shows real-world impact

Why it matters:

  • VA = find problems
  • PT = prove impact

Exam insight:
Pen test is more invasive and requires permission.

πŸ”Ή Testing Approaches

Black Box

  • No prior knowledge
  • Simulates external attacker

White Box

  • Full knowledge
  • Internal testing

Gray Box

  • Partial knowledge

Why it matters:
Different approaches simulate different attacker perspectives.

πŸ”Ή Security Audits

  • Formal review of systems and processes
  • Ensures compliance with policies and regulations

Types:

  • Internal audit
  • External audit

Why it matters:
Validates that controls are properly implemented.

πŸ”Ή Log Management & Monitoring

Logs record system activity.

Examples:

  • Login attempts
  • System changes
  • Access events

Key concepts:

  • Centralized logging
  • Log retention
  • Real-time monitoring

Why it matters:
Supports detection, investigation, and compliance.

πŸ”Ή Continuous Monitoring

  • Ongoing assessment of security controls
  • Includes:
    • vulnerability scans
    • log monitoring
    • configuration checks

Why it matters:
Security is not a one-time activity.

πŸ”Ή Metrics & KPIs

Used to measure security effectiveness.

Examples:

  • Number of vulnerabilities
  • Incident response time
  • Patch management speed

Why it matters:
Helps management make informed decisions.

πŸ”Ή Testing Controls

Controls must be tested regularly:

  • Preventive controls
  • Detective controls
  • Corrective controls

Why it matters:
Ensures controls actually work.

πŸ”Ή Compliance Validation

Ensures adherence to regulations:

Examples:

  • GDPR
  • ISO 27001

Why it matters:
Avoids legal and financial consequences.

🧠 3. Manager Mindset

  • Trust but verify controls
  • Test regularly, not once
  • Measure effectiveness with metrics
  • Focus on risk-based testing

πŸ‘‰ Think: Are controls actually working?

❓ 4. Practice Questions

1

What is the purpose of a vulnerability assessment?
A. Exploit systems
B. Identify weaknesses
C. Monitor logs
D. Encrypt data

2

What is penetration testing?
A. Monitoring
B. Exploiting vulnerabilities
C. Logging
D. Backup

3

What is the main difference between VA and PT?
A. Cost
B. Tools
C. Exploitation
D. Monitoring

4

What is black box testing?
A. Full knowledge
B. No knowledge
C. Partial knowledge
D. Monitoring

5

What is white box testing?
A. No knowledge
B. Partial knowledge
C. Full knowledge
D. External test

6

What is gray box testing?
A. No knowledge
B. Partial knowledge
C. Full knowledge
D. Monitoring

7

What is a security audit?
A. Attack
B. Review
C. Monitoring
D. Logging

8

What is the purpose of logging?
A. Encrypt data
B. Record activity
C. Backup data
D. Monitor users

9

What is continuous monitoring?
A. One-time test
B. Ongoing assessment
C. Backup process
D. Encryption

10

What is a KPI?
A. Security tool
B. Measurement metric
C. Encryption method
D. Audit type

11

What is the purpose of penetration testing?
A. Identify vulnerabilities
B. Exploit vulnerabilities
C. Monitor logs
D. Backup systems

12

What is centralized logging?
A. Logs stored locally
B. Logs stored in one location
C. Logs deleted
D. Logs encrypted

13

What is compliance validation?
A. Encryption
B. Monitoring
C. Meeting regulations
D. Backup

14

What is the main goal of testing controls?
A. Speed
B. Verify effectiveness
C. Reduce cost
D. Improve performance

15

What is a preventive control?
A. Detect attack
B. Stop attack
C. Fix attack
D. Log attack

16

What is a detective control?
A. Stop attack
B. Detect attack
C. Fix attack
D. Prevent attack

17

What is a corrective control?
A. Prevent attack
B. Detect attack
C. Fix issue
D. Monitor system

18

What is the BEST approach to security testing?
A. One-time
B. Continuous
C. Annual only
D. None

19

What is the main benefit of metrics?
A. Encryption
B. Measurement
C. Monitoring
D. Logging

20

What is the biggest risk of not testing controls?
A. Cost
B. Failure of controls
C. Performance
D. Storage

βœ… 5. Answers + Reasoning

1

B. Identify weaknesses
Vulnerability assessments scan systems to find known issues but do not exploit them.

2

B. Exploiting vulnerabilities
Penetration testing simulates real attacks to validate impact.

3

C. Exploitation
The key difference is that penetration testing actively exploits vulnerabilities, while assessments do not.

4

B. No knowledge
Black box testing simulates an external attacker with no prior information.

5

C. Full knowledge
White box testing uses full system knowledge for thorough analysis.

6

B. Partial knowledge
Gray box testing combines elements of both black and white box approaches.

7

B. Review
Audits evaluate compliance and effectiveness of controls.

8

B. Record activity
Logs provide evidence of system and user actions.

9

B. Ongoing assessment
Continuous monitoring ensures security is maintained over time.

10

B. Measurement metric
KPIs measure performance and effectiveness of security processes.

11

B. Exploit vulnerabilities
Pen testing demonstrates real-world impact of vulnerabilities.

12

B. Logs stored in one location
Centralized logging improves analysis and monitoring.

13

C. Meeting regulations
Compliance validation ensures legal requirements are met.

14

B. Verify effectiveness
Testing confirms whether controls actually work as intended.

15

B. Stop attack
Preventive controls aim to block attacks before they occur.

16

B. Detect attack
Detective controls identify incidents as they happen.

17

C. Fix issue
Corrective controls restore systems after an incident.

18

B. Continuous
Security testing should be ongoing, not one-time.

19

B. Measurement
Metrics provide data to evaluate and improve security.

20

B. Failure of controls
Untested controls may not work, leading to security failures.

⚠️ 6. Exam Traps

  • Confusing VA vs Pen Test
  • Mixing black/white/gray box
  • Forgetting continuous monitoring
  • Ignoring importance of logs

πŸ”„ 7. Flash Review

  • VA = find
  • PT = exploit
  • Black = none knowledge
  • White = full knowledge
  • Logs = visibility
  • Test continuously

πŸ“Š 8. Score

Score: ___ / 20

  • 16–20 β†’ βœ… Strong
  • 10–15 β†’ ⚠️ Review
  • <10 β†’ ❌ Re-study Domain 6
©J CyberStop