Chapter 7 - Questions and Answers
There are two non-government sites that provide list of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site? ♥ A mailing list that often shows the newest vulnerabilities before other sources. ♥ A community-developed list of common software security weaknesses. ♥ A list searchable by mechanisms of attack or domains of attack ♥ A list of standardized identifiers for known software vulnerabilities and exposures
A mailing list that often shows the newest vulnerabilities before other sources.
Which of the following government resources is a directory of known patterns of cyberattacks used by hackers? ♥ CVE ♥ CISA ♥ CAPEC ♥ CWE
CAPEC
Which of the following best describes active scanning? ♥ A scanner tries to find vulnerabilities without directly interacting the the target network ♥ A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws ♥ A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times. ♥ A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown
A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws
The list of cybersecurity resources below are provided by which of the following government sites? - Information exchange - Training and exercises - Risk and vulnerability assessments - Data synthesis and analysis - Operational planning and coordination - Watch operations - Incident response and recovery ♥ CVE ♥ CWE ♥ CAPEC ♥ CISA
CISA
As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use? ♥ CVSS ♥ CISA ♥ CVE ♥ CAPEC
CVSS
This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described? ♥ CWE ♥ NVD ♥ CVE ♥ CISA
CWE
The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan? ♥ Target ♥ Assessment ♥ Classification ♥ Services
Classification
Jessica, an employee, has come to you with a new software package she would like to use. Before your purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to you question? ♥ CVSS ♥ CWE ♥ NVD ♥ CVE
NVD
Which of the following assessment types can monitor and alert on attacks but cannot stop them? ♥ External ♥ Host-based ♥ Vulnerability ♥ Passive
Passive
As you conduct vulnerability scanning, it's important to understand that there are three basic steps in penetration testing. - First, you must locate the live nodes in the network - Second, you must itemize each open port and service in the network - Finally, you test each open port for known vulnerabilities ♥ Penetration ♥ Baseline ♥ Patch level ♥ Stress
Penetration
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use? ♥ Nessus Professional ♥ Retina CS for Mobile ♥ SecurityMetrics for Mobile ♥ Network Scanner
SecurityMetrics Mobile
Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses? ♥ The monitoring phase ♥ The remediation phase ♥ The risk assessment phase ♥ The verification phase
The remediation phase
Jaxon, a pentester is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? ♥ Vulnerability research ♥ Vulnerability scanning ♥ Vulnerability management ♥ Vulnerability assessment
Vulnerability research note: process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse.
This type of assessment evaluates deployment and communication between the server and the client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? ♥ Default Settings ♥ Application flaws ♥ Buffer overflows ♥ Open services
Application flaws
Which of the following are the three metrics used to determine a CVSS score? ♥ Risk, temporal, and severity ♥ Base, change, environmental ♥ Risk, change, and severity ♥ Base, temporal, and environmental
Base, temporal, and environmental
Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? ♥ Passive assessment ♥ Host-based assessment ♥ External assessment ♥ Wireless network assessment
Host-based assessment
In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose those weaknesses? ♥ Passive assessment ♥ Host-based assessment ♥ External assessment ♥ Vulnerability assessment
Vulnerability assessment *note: refers to identifying weaknesses in an organization infrastructure, including its operating system, web applications and web server
Which of the following would be the best open-source tool to use if you are looking for a web server scanner? ♥ Nikto ♥ OpenVAS ♥ Nessus ♥ NetScan
Nikto
Which of the following best describes the verification phase of the vulnerability management life cycle? ♥ Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing. ♥ Communicate clearly to management what your findings and recommendations are for locking down systems and patching problems. ♥ Proves your work management and generates verifiable evidence to show that your patching and hardening implementations have been effective. ♥ Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas.
Proves your work management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report? ♥ An antivirus scanner ♥ A port scanner ♥ A malware scanner ♥ A vulnerability scanner
A vulnerability scanner
Which of the following includes a list of resolved vulnerabilities? ♥ Security vulnerability summary ♥ Statistical vulnerability report ♥ Statistical vulnerability summary ♥ Security vulnerability report
Security vulnerability summary
Which of the following solutions creates the risk that a hacker might gain access to the system? ♥ Tree-based ♥ Service-based ♥ Inference-based ♥ Product-based
Service-based
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in? ♥ Verification ♥ Create a baseline ♥ Risk assessment ♥ Remediation
Risk assessment
On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from Github. Which of the following is the correct nmap command to run? ♥ nmap -sC vulners -sV 10.10.10195 ♥ nmap -sC nmap-vulners -sV 10.10.10.195 ♥ nmap --script nmap-vulners -sV 10.10.10.195 ♥ nmap -script vulners -sV 10.10.10.195
nmap --script nmap-vulners -sV 10.10.10.195 *note: the --script switch performs a script scan using the comma-separated list of filenames, script categories, and directories.
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do? ♥ Define the effectiveness of the current security policies and procedures ♥ Decide the best times to test to limit the risk of having shutdowns during peak business hours ♥ Create reports that clearly identify the problem areas to present to management ♥ Choose the best security assessment tools for the system you choose to test
Define the effectiveness of the current security policies and procedures
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them understand? ♥ They need a plan of action to control weaknesses and harden systems ♥ The risks associated with enforcing security procedures and what threats may have been overlooked ♥ How to define the effectiveness of the current security policies and procedures ♥ Hackers have time on their side, and there will always be new threats to security.
Hackers have time on their side, and there will always be new threats to security
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern? ♥ Tree-based ♥ Inference-based ♥ Product-based ♥ Service-based
Inference-based
An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: ♥Inspecting physical security ♥Checking open ports on network devices and router configurations ♥Scanning for Trojans, spyware, viruses, and malware ♥Evaluating remote management processes ♥Determining flaws and patches on the internal network systems, devices and servers Which of the following assessments tests is being performed? ♥ Passive Assessment ♥ External Assessment ♥ Active Assessment ♥ Internal Assessment
Internal Assessment
Which of the following best describes Qualys Vulnerability Management assessment tool? ♥ It scans for more than 6,000 files and programs that can be exploited ♥ It is a cloud-based service that keeps all of your data in a private virtual database ♥ It scans for known vulnerabilities, malware and misconfigurations ♥ It has more than 50,000 vulnerability tests with daily updates
It is a cloud-based service that keeps all of your data in a private virtual database
Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use? ♥ Nikto ♥ Nessus ♥ Retina CS ♥ NetScan
Nessus
