>_COMMAND ZERO
medium
Single Answer
0

NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides NIST's process for penetration testing. Use this image as well as your knowledge of penetration testing to answer the questions. Which of the following is not a part of the discovery phase?

Answer Options

A

Hostname and IP address information gathering

B

Service information capture

C

Dumpster diving

D

Privilege escalation

Correct Answer: D

Explanation

Privilege escalation occurs during the attack phase of a penetration test. Host and service information gathering, as well as activities like dumpster diving that can provide information about the organization, its systems, and security, are all part of the discovery phase.

View Reference Material