CTS1120 Ch2
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
A vulnerability scan is usually automated.
What are the primary features of a security information event management (SIEM) tool?
Aggregation, correlation, event deduplication, time synchronization, and alerting
What is the primary goal of penetration testing?
Attempt to uncover deep vulnerabilities and then manually exploit them
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges?
Black box
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary?
Blue team
Which of the following is a catalog used by vulnerability scanning software to identify vulnerabilities?
Common Vulnerabilities and Exposures (CVE)
What is the primary difference between credentialed and non-credentialed scans?
Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
Which of the following is NOT an automated vulnerability scanning tool?
ELK Stack
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Footprinting
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray box
Which of the following is considered an industry-specific cybersecurity regulation?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Which of the following offensive tools can be used by penetration testers post-exploitation or successful compromise of a user account in a network that dumps passwords from memory and hashes, PINs, and Kerberos tickets, and thus are used for privilege escalation attacks?
Mimikatz and hashcat
Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
Which of the following tools can be used to scan 16 IP addresses for vulnerabilities?
Nessus Essentials
What is the fastest-running vulnerability scan, and why does this type of scan run so fast?
Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests.
Which of the following techniques is a method of passive reconnaissance?
Open Source Intelligence (OSINT)
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS
Which of the following is the advantage of penetration testing over vulnerability scanning?
Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities.
An organization has decided to switch security responsibilities from a third party to internal security personnel due to the recent hike in demand for a provided service. As a result, you have been hired by the organization as a cybersecurity specialist. Which of the following will be your initial action for achieving enhanced security in the organization?
Perform an automated scan on the entire network.
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats?
Purple team
While examining the results of a vulnerability scan, you are asked to tackle false positives and false negatives to ensure the accuracy of the result. Which of the following actions will you take?
Review logs
Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and are also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity?
Risk management framework (RMF)
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system. Which task should he perform next?
Robert should perform privilege escalation using a high-privileged account next.
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next?
Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.
Which of the following technologies can be used together for data management in security infrastructure and collecting and analyzing data.
SIEM and SOAR
A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take?
Scan the most important devices for as long as it takes for each device
Which of the following is a primary difference between a red team and a white team?
The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing.
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected.
Threat hunting
A vulnerability assessment engineer performed vulnerability scanning on active directory servers and discovered that the active directory server is using a lower version of Kerberos. To alert management to the risk behind using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos?
Use privilege escalation
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?
Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
Which of the following is the most efficient means of discovering wireless signals?
War flying