Across
- 4. A type of test that attempts to exploit vulnerabilities just as a threat actor would
- 6. A tool that identifies vulnerabilities in operating systems and application software
- 8. A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress
- 10. A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered
- 11. A penetration testing team that enforces the rules of the penetration test
- 15. Turning to other systems to be compromised
- 17. A vulnerability scan that provides no authentication information to the tester
- 19. A penetration testing level in which the testers are given limited knowledge of the network and some elevated privileges
- 20. A penetration testing level in which the testers are given full knowledge of the network and the source code of applications
Down
- 1. A penetration testing team that provides real-time feedback between the Red and Blue Teams to enhance the testing
- 2. A numeric rating system of the impact of a vulnerability
- 3. Limitations or parameters in a penetration test
- 5. Moving through a network looking for additional systems threat actors can access from their elevated position
- 7. A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials
- 9. An examination of the software settings for a vulnerability scan
- 12. A penetration testing team that scans for vulnerabilities and then exploits them
- 13. A penetration testing level in which the testers have no knowledge of the network and no special privileges
- 14. A penetration testing team that monitors for Red Team attacks and shores up defenses as necessary
- 16. A vulnerability scan that attempts to employ any vulnerabilities which it finds, much like a threat actor would
- 18. A monetary reward given for uncovering a software vulnerability