Attestation
The opinion of truth/conclusion that is associated with an audit.
Audit committee
A group responsible for all of the risk management associated with an organization, and for starting/stopping any internal audits.
Self-assessments
Allows an organization to review its internal processes and procedures to see how well they match organizational requirements.
Physical penetration test
A pentest involving attackers attempting to gain access to the physical facility/devices.
Offensive penetration test
A test designed to evaluate the effectiveness of security controls against unauthorized access, simulating real-world attacks to identify vulnerabilities.
Defensive penetration test
Refers to the defensive/blue team identifying incoming attacks in real time and blocking them.
Integrated penetration test
A holistic approach combining various penetration testing methodologies to evaluate an organization's security operations.
Known environment pentesting
A penetration test where the tester has detailed knowledge about the target system or network.
Partially known environment pentesting
A penetration test where the attacker has limited knowledge about the target system or network and uses reconnaissance techniques to gather information.
Unknown environment pentesting
A penetration test where the tester has little prior knowledge about the target system or network, mimicking an attack from an unknown entity.
Passive reconnaissance
Penetration testing techniques that do not interact directly with target systems (e.g., OSINT, network traffic monitoring).
Active reconnaissance
Penetration testing techniques that interact directly with target systems (e.g., port scanning, DNS enumeration).