Chapter 5
Brian ran a penetration test against a school's grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity? A. Confidentiality B. Integrity C. Alteration D. Availability
B
Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information? A. Port scanning B. Footprinting C. Vulnerability scanning D. Packet capture
B
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into? A. Low B. Medium C. High D. Critical
B
Which one of the following tools is most likely to detect an XSS vulnerability? A. Static application test B. Web application vulnerability scanner C. Intrusion detection system D. Network vulnerability scanner
B
Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test? A. Nmap B. Nessus C. Metasploit D. Nslookup
C
Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit? A. High B. Medium C. Low D. Severe
C
Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information? A. Contract B. Statement of work C. Rules of engagement D. Lessons learned report
C
During a penetration test, Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity? A. Lateral movement B. Privilege escalation C. Footprinting D. OSINT
A
Which element of the SCAP framework can be used to consistently describe vulnerabilities? A. CPE B. CVE C. CVSS D. CCE
B
Gray box testing:
Blend of black/white. Partially known environment.
Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting? A. Gray-box test B. Blue-box test C. White-box test D. Black-box test
C
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan? A. Run the scan against production systems to achieve the most realistic results possible B. Run the scan during business hours C. Run the scan in a test environment D. Do not run the scan to avoid disrupting the business
C
Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack? A. AV B. C C. PR D. AC
C
Which one of the following is considered passive reconnaissance? A. Port scans B. Vulnerability scans C. WHOIS lookups D. Footprinting
C
Which one of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of that compromise? A. Vulnerability scanning B. Penetration testing C. Threat hunting D. War driving
C
CVSS:
Common Vulnerability Scoring System, industry standard for assessing the severity of security vulnerabilities
White box test:
Known environment testing, full knowledge of underlying technology
Black box testing:
Unknown environment, replicate what an attacker would encounter
Kyle is conducting a penetration test. After gaining access to an organization's database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action? A. Privilege escalation B. Lateral movement C. Maneuver D. Persistence
D
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? A. Domain admin B. Local Admin C. Root D. Read-Only
D