IB Computer Science P3 Vocab

Vocabulary for IB Computer Science Paper 3 M26 & N26

30 Terms

1

What is PTES/PenTES?

Penetration Testing Execution Standard

2

What is PenTES for?

A framework for conducting penetration testing; a structured approach to testing and reporting results

3

How many phases in PenTES?

7 phases

4

Phase 1 is…?

Pre-engagement interactions

5

What happens in phase 1?

Preparation, getting document approvals, putting together needed tools

6

Why is phase 1 important?

Needed so that testing aligns with the security needs and operational requirements of the system

7

Aspects of Phase 1

1.1 - Goal setting and identifying targets

1.2 - Defining scope and rules of engagement

1.3 - Testing approaches

8

1.1 Goal setting and identifying targets

Objectives established after finding key concerns; specific targets and high risk areas identified

9

1.1 Examples of key concerns

Patient data integrity

Uninterrupted service delivery

Compliance with health sector regulations

10

1.1 Examples of high risk areas

Patient record databases

IoT enabled medical devices

11

1.2 Defining scope and rules of engagement

Confirms which parts of the system are being tested to avoid disruption; rules of engagement agreed upon by team and client to understand methods and extent of PenTES

12

1.3 Testing approaches

Black box testing

White box testing

Grey box testing

13

Black box testing

Attack simulated from perspective of an uninformed external hacker, looks at surface level issues

14

White box testing

Analysis with full in-depth information of client’s system, requires access to network diagrams, system configurations, and known issues

15

Grey box testing

Mixture of black and white testing, uses partial knowledge of systems. Simulates inside threat or external attack with partial insider info

16

Phase 2 is…?

Intelligence gathering

17

What happens in phase 2?

Team collects data from outside sources like social media or official records to be then analysed. Categorised as OSINT.

18

What is OSINT?

Open-Source Intelligence (Phase 2)

19

Phase 3 is…?

Threat modelling

20

What happens in phase 3?

Potential threats and/or vulnerabilities are identified, strategies to stop them are developed.

21

Phase 4 is…?

Vulnerability analysis

22

What happens in phase 4?

Vulnerabilities that could be used by a hacker are identified and confirmed

23

Phase 5 is…?

Exploitation

24

What happens in phase 5?

Attempts are made to breach the system with vulnerabilities from phase 4.

25

Phase 6 is…?

Post-exploitation

26

What happens in phase 6?

If access is gained from phase 5, the focus is now on keeping control of the system and getting data from it.

27

Phase 7 is…?

Reporting

28

What happens in phase 7?

Everything prior is documented and presented to the client in a report.

29

Hacker

Person who breaks into computer systems

30

Uninterrupted service delivery

No downtime, no interruptions, minimal lag when accessing patient information