IT Security/Threats/Testing

This lesson covers security testing.

Objectives and Skills

Objectives and skills for the security testing portion of Security+ certification include:[1]

Explain the proper use of penetration testing versus vulnerability scanning.
  • Penetration testing
    • Verify a threat exists
    • Bypass security controls
    • Actively test security controls
    • Exploiting vulnerabilities
  • Vulnerability scanning
    • Passively testing security controls
    • Identify vulnerability
    • Identify lack of security controls
    • Identify common misconfigurations
    • Intrusive vs. non-intrusive
    • Credentialed vs. non-credentialed
    • False positive
  • Black box
  • White box
  • Gray box

Readings

Multimedia

  1. YouTube: Penetration Testing - CompTIA Security+ SY0-401: 3.8
  2. YouTube: Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8

Activities

See Also

References
