CEH Ch.12 Questions

In which of the following would you find in a final report from a full penetration test? (Choose all that apply.) A. Executive summary B. A list of findings from the test C. The names of all the participants D. A list of vulnerabilities patched or otherwise mitigated by the team

A, B, C. The final report for a pen test includes an executive summary, a list of the findings (usually in order of highest risk), the names of all participants, a list of all findings (in order of highest risk), analysis of findings, mitigation recommendations, and any logs or other relevant files.

Which security assessment is designed to check policies and procedures within an organization? A. Security audit B. Vulnerability assessment C. Pen test D. None of the above

A. A security audit is used to verify security policies and procedures in place.

In which phase of a penetration test is scanning performed? A. Pre-attack B. Attack C. Post-attack D. Reconnaissance

A. All reconnaissance efforts occur in the pre-attack phase.

Which of the following best describes a blue team? A. Security team members defending a network B. Security team members attacking a network C. Security team members with full knowledge of the internal network D. A performance group at Universal Studios in Orlando

A. Blue teams are defense-oriented. They concentrate on preventing and mitigating attacks and efforts of the red team/bad guys.

Which type of security assessment notifies the customer of vulnerabilities but does not actively or intentionally exploit them? A. Vulnerability assessment B. Scanning assessment C. Penetration test D. None of the above

A. Vulnerability assessments (a.k.a. security audits) seek to discover open vulnerabilities on the client's systems but do not actively or intentionally exploit any of them.

Which of the following would be a good choice for an automated penetration test? (Choose all that apply.) A. nmap B. Netcat C. Core Impact D. CANVAS

C, D. Core Impact and CANVAS are both automated, all-in-one test tool suites capable of performing a test for a client. Other tools may be used in conjunction with them to spot vulnerabilities, including Nessus, Retina, SAINT, and Sara.

A security staff is preparing for a security audit and wants to know if additional security training for the end user would be beneficial. Which of the following methods would be the best option for testing the effectiveness of user training in the environment? A. Vulnerability scanning B. Application code reviews C. Sniffing D. Social engineering

D. Social engineering is designed to test the human element in the organization. Of the answers provided, it is the only real option.

Which of the following best describes a red team? A. Security team members defending a network B. Security team members attacking a network C. Security team members with full knowledge of the internal network D. Security team members dedicated to policy audit review

B. Red teams are on offense. They are employed to go on the attack, simulating the bad guys out in the world trying to exploit anything they can find.

Which of the following tests is generally faster and costs less but is susceptible to more false reporting and contract violation? A. Internal B. External C. Manual D. Automatic

D. Automatic testing involves the use of a tool suite and generally runs faster than an all-inclusive manual test. However, it is susceptible to false negatives and false positives and can oftentimes overrun the scope boundary.

Joe is part of a penetration test team and is starting a test. The client has provided him a system on one of their subnets but did not provide any authentication information, network diagrams, or other notable data concerning the systems. Which type of test is Joe performing? A. External, white box B. External, black box C. Internal, white box D. Internal, black box

D. Joe is on a system internal to the network and has no knowledge of the target's network. Therefore, he is performing an internal, black-box test.

What marks the major difference between a hacker and an ethical hacker (pen test team member)? A. Nothing. B. Ethical hackers never exploit vulnerabilities; they only point out their existence. C. The tools they use. D. The predefined scope and agreement made with the system owner.

D. Pen tests always begin with an agreement with the customer that identifies the scope and activities. An ethical hacker will never proceed without written authorization.