Question

You are scoping a black box penetration test for a client. The goal is to see whether you can gain access to the information stored on an internal database server. Which information should the client provide you with prior to starting the test?

Answer 1

The client should provide system architecture, access credentials, and internal documentation before starting a black box penetration test for gaining access to an internal database server.

Step-by-step explanation:

Prior to starting the black box penetration test for gaining access to the information stored on an internal database server, the client should provide the following information:

1. System architecture: The client should provide details about the network infrastructure, including the IP addresses, subnets, and firewalls in place.
2. Access credentials: The client should provide valid user credentials, such as usernames and passwords, for the systems being tested.
3. Internal documentation: It is important for the client to share any relevant documentation or system documentation that can help in understanding the server architecture, network topology, and any known vulnerabilities.