medium
Single Answer
0NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides NIST's process for penetration testing. Use this image as well as your knowledge of penetration testing to answer the questions. NIST specifies four attack phase steps: gaining access, escalating privileges, system browsing, and installing additional tools. Once attackers install additional tools, what phase will a penetration tester typically return to?
Answer Options
A
Discovery
B
Gaining access
C
Escalating privileges
D
System browsing
Correct Answer: B
Explanation
Once additional tools have been installed, penetration testers will typically return to gaining access. From there they can further escalate privileges, search for new targets or data, and, once again, install more tools to allow them to pivot further into infrastructure or systems.