GSLC Question #560: Real Exam Question with Answer & Explanation

The correct answer is C. Pre-attack phase. The pre-attack phase is the first stage of a penetration test and is dedicated to reconnaissance and information gathering about the target.

Question

Which of the following penetration testing phases involves reconnaissance or data gathering?

Options

  • A. Attack phase
  • B. Post-attack phase
  • C. Pre-attack phase
  • D. Out-attack phase

Explanation

The pre-attack phase is the first stage of a penetration test and is dedicated to reconnaissance and information gathering about the target.

Common mistakes.

  • A. The attack phase is where the tester actively exploits discovered vulnerabilities, escalates privileges, and compromises systems - it follows reconnaissance and relies on information already gathered.
  • B. The post-attack phase covers activities after exploitation is complete, including removing tools, restoring system state, and compiling findings into a report.
  • D. 'Out-attack phase' is not a recognized stage in any established penetration testing methodology such as PTES, OWASP Testing Guide, or NIST SP 800-115.

Concept tested. Penetration testing phases - pre-attack reconnaissance

Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final
