TestOut - CompTIA CySA+ Practice Questions 5.1.18


Xavier is doing reconnaissance using a tool that pulls information from social media postings that were made using location services. He is gathering information about a company and its employees by going through their social media content. What tool is MOST likely being used?
A. Echosec
B. Maltego
C. Google Maps
D. Wayback Machine

A. Echosec

Explanation: Echosec is a tool that can be used to pull information from social media postings that were made using location services. The Wayback Machine is a nonprofit catalog of old site snapshots and may contain information that your target thought they had removed from the internet. Google Maps is a web mapping service that provides a street view of houses, businesses, roadways, and topologies. Maltego is an open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information.

When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)
A. nslookup
B. Echosec
C. whois.org
D. Maltego
E. Google Maps

A. nslookup
C. whois.org

Explanation: You would likely use whois.org to get the name servers for the domain, nslookup for the IP address of the website, and Nmap to get the desired output. Google Maps gives more information about physical addresses than network addresses. Echosec and Maltego are used for social media accounts and post information.

You would like to extend the functionality of the Nmap tool to let you perform tasks such as basic vulnerability detection performance and Windows user account discovery. Which of the following would allow you to extend that functionality?
A. OpenVAS
B. Qualys
C. Nessus
D. NSE Scripts

D. NSE Scripts

Explanation: You can extend the functionality of the Nmap tool by using the Nmap Scripting Engine (NSE) Scripts. These scripts are written in the Lua scripting language (lua.org). Nessus, OpenVAS, and Qualys are all infrastructure vulnerability scanners that let you monitor your networks, systems, and applications for security vulnerabilities.

Iggy, a penetration tester, is conducting an unknown penetration test. She wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be MOST helpful?
A. Nslookup
B. ARIN
C. beSTORM
D. Whois

D. Whois

Explanation: Whois is a utility used to gain information about a target network. It can gather information about ownership, IP addresses, domain name, location, server type, and the date the site was created. ARIN is a website that provides you with information about a network's name, range, origination dates, and server details. Nslookup is a utility used to query DNS servers to obtain information about the host network, including DNS records and host names. beSTORM is a smart fuzzer that finds buffer overflow weaknesses as it automates and documents the process of delivering malicious input. It then watches for unpredicted responses from an application.

A network security engineer provided a report to the operations manager with a large amount of public information that is accessible solely from the company's website. For example, the report shows email addresses and other company phone numbers on a graph that would otherwise be known internally. What tool did the network security engineer most likely use to gather this information with little effort?
A. Metasploit
B. Maltego
C. Recon-ng
D. Angry IP scanner

B. Maltego

Explanation: Maltego is a visualization tool that gathers public information and presents it connected in a graph. It can research and map entities more quickly than other tools. Angry IP Scanner does not have a graph. Instead, the scanner scans an IP address range to provide network status, open ports, and web detect information, to name a few. Metasploit exploits vulnerabilities on a network. However, gathering information this way may take longer since modern antimalware software will alert and block its attacks. Recon-ng uses the Metasploit framework but focuses primarily on web-based reconnaissance to reveal an organization's subdomains and software versions, to name a few. This may also involve taking longer to find large amounts of information.

A company has hired a security analyst to perform a comprehensive information gathering and reconnaissance phase of a penetration testing engagement. The analyst needs to use a tool that can automate gathering information about a target and performing reconnaissance on the target network. Which of the following tools is best suited for this task?
A. Aircrack-ng
B. Recon-ng
C. Snort
D. Metasploit

B. Recon-ng

Explanation: Recon-ng automates the reconnaissance and information-gathering process, making it an ideal choice for the given scenario. The Aircrack-ng tool is primarily for assessing the security of wireless networks. While it is a valuable tool for its intended purpose, it does not cover the comprehensive information gathering and reconnaissance needed in the given scenario. Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) tool. While it is a valuable tool for network security, it does not specialize in information gathering and reconnaissance like Recon-ng. Although Metasploit can be used in the later stages of a penetration testing engagement, it is not specifically for the initial information gathering and reconnaissance phase.

A network administrator is using Nmap to scan a target host for open ports. Which Nmap scan type is known for being a fast and stealthy technique?
A. TCP connect
B. TCP SYN
C. UDP scans
D. Zed Attack Proxy

B. TCP SYN

Explanation: TCP SYN (-sS) is a fast and stealthy scan type, also known as half-open scanning. The scanning host requests a connection without acknowledging it, and the target's response to the scan's SYN packet identifies the port state. TCP connect (-sT) requires privileged access to the network driver and is less stealthy than other scan types. UDP scans (-sU) can take a long time to complete and are not as stealthy as other scan types. Zed Attack Proxy (ZAP) is not a scan type in Nmap. It is one of many testing tools offered by the Open Web Application Security Project (OWASP).

An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation?
A. Maltego
B. Whois
C. Google hacking
D. Echosec

B. Whois

Explanation: Whois is a utility used to gain information about a target network. It can gather information about ownership, IP addresses, domain name, location, and server type. Echosec is a tool that can be used to pull information from social media postings that were made using location services. Maltego is an open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information. Google hacking is the use of more advanced search techniques to mine for company information.

What information will be returned from the following Google search? "-site:.gov -site:.gov.uk filetype:xlsx intitle:password"
A. Documents with the word "password" in the title, but not Excel documents, and only docs from .gov and .gov.uk websites.
B. Excel documents with the word "password" in the title, but only from .gov and .gov.uk websites.
C. Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.
D. Documents with the word "password" in the title, but not Excel documents and not from .gov and .gov.uk websites.

C. Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.

Explanation: The Google search returns Excel documents with "password" in the title, but not from .gov and .gov.uk websites. The -site: entries restrict the results to sites other than those listed.

As a security analyst for a large financial institution, you want to discover information available through the open ports in your network that could provide hackers with details that could result in guessing software and software versions available in the network. Which of the following would you MOST likely use to discover that information?
A. Metasploit Framework
B. Wireshark
C. Nmap fingerprinting
D. Intruder

C. Nmap fingerprinting

Explanation: The detailed analysis of services on a host is often called fingerprinting. This is because each OS or application software that underpins a network service responds to probes in a unique way. This allows the scanning software to guess the software name and version without having privileged access to the host. You can use Nmap fingerprinting to discover these details. Wireshark is a network packet analyzer that presents captured packet data in as much detail as possible. These details are often unrelated to discovering software and software versions on a network. The Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development. However, it is not specifically designed to collect the details provided by Nmap fingerprinting. Intruder is a cloud-based software designed to help you automatically perform security scans to identify and remediate potential threats. However, it is not specifically designed to collect the details provided by Nmap fingerprinting.

