Q: Which type of penetration test would only provide the tester with limited information such as the domain names and IP addresses in the scope?

Yes, these elements are part of the OSSTMM (Open Source Security Testing Methodology Manual). The OSSTMM includes various phases and components such as:

1. Workflow: This involves a systematic approach to planning and executing security tests.
2. Maintaining Access: Ensuring access controls and authentication mechanisms are properly tested and validated.
3. Network Mapping: Identifying and documenting the network structure and its components.
4. Trust Analysis: Evaluating the trust relationships and dependencies within the network

FTR (Formal Technical review) is a software quality assurance activity that helps the junior QA testers identify errors, rectify them (if possible) and ensure that the software runs smoothly.

New vulnerabilities are discovered all the time, and it is possible that the application contains vulnerabilities that are not yet known.

A known environment penetration test assesses the security of a system or network where detailed information about the infrastructure, configurations, and assets is readily available to the tester. In this type of test, the tester has prior knowledge of the target environment, mimicking a scenario where an insider or authenticated user attempts to exploit vulnerabilities. This allows for a more focused assessment of specific weaknesses, with the aim of identifying and mitigating potential risks associated with internal threats.

These phases provide a structured framework for conducting security assessments. The Penetration Testing Execution Standard (PTES) includes seven phases: Pre-engagement, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post-exploitation, and Reporting.