Penetration testing (also called pen testing) is the practice of testing a computer system, network,
or Web application to find vulnerabilities that an attacker could exploit. Which of the following
areas can be exploited in a penetration test? Each correct answer represents a complete solution.
Choose all that apply.
A.
Kernel flaws
B.
Information system architectures
C.
Race conditions
D.
File and directory permissions
E.
Buffer overflows
F.
Trojan horses
G.
Social engineering
Explanation:
Penetration testing (also called pen testing) is the practice of testing a computer
system, network, or Web application to find vulnerabilities that an attacker could exploit. Following
are the areas that can be exploited in a penetration test: Kernel flaws: Kernel flaws refer to the
exploitation of kernel code flaws in the operating system. Buffer overflows: Buffer overflows refer
to the exploitation of a software failure to properly check for the length of input data. This overflow
can cause malicious behavior on the system. Race conditions: A race condition is a situation in
which an attacker can gain access to a system as a privileged user. File and directory
permissions: In this area, an attacker exploits weak permissions restrictions to gain unauthorized
access of documents. Trojan horses: These are malicious programs that can exploit an
information system by attaching themselves in valid programs and files. Social engineering: In this
technique, an attacker uses his social skills and persuasion to acquire valuable information that
can be used to conduct an attack against a system.