pen testing 3-4
Which of the following Nmap output formats is unlikely to be useful for a penetration tester? (-oA, -oS, -oX, -oG)
-oS (script kiddie output & just for fun
Steve is working from an un-privileged user account that was obtained as part of a penetration test. He has discovered that the host he is on has Nmap installed and wants to scan other hosts in his subnet to identify potential targets as part of a pivot attempt. What Nmap flag is he likely to have to use to successfully scan hosts from this account? -sV
-sT
Jack is conducting a penetration test for a customer in Japan. What NIC is he most likely to need to check for information about his client's networks?
APNIC - Asia Pacific NIC covers Asia, Australia, New Zealand, and other countries in the region. RIPE covers central Asia, Europe, the Middle East, and Russia, and ARIN covers the United States, Canada, parts of the Caribbean region, and Antarctica.
ason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?
CPE - common product enumeration
Which one of the following categories of systems is most likely to be disrupted during a vulnerability scan?
Internet of Things (IoT) devices are examples of nontraditional systems that may be fragile and highly susceptible to failure during vulnerability scans. Web servers and firewalls are typically designed for exposure to wider networks and are less likely to fail during a scan.
Karen identifies TCP ports 8080 and 8443 open on a remote system during a port scan. What tool is her best option to manually validate running on these ports? (telnet, a web broswer, ssh)
a web browser (system administrators move services from their common service ports to alternate ports and that 8080 and 8443 are likely alternate HTTP (TCP 80) and HTTPS (TCP 443) server ports, and she will use a web browser to connect to those ports to check them. She could use Telnet for this testing, but it requires significantly more manual work)
what type of tool is snort
an IDS
What tool can white box penetration testers use to help identify the systems present on a network prior to conducting vulnerability scans?
asset inventory
Sarah is conducting a penetration test and discovers a critical vulnerability in an application. What should she do next?
consult the SOW (it may require reporting these issues to management immediately, or it may allow the continuation of the test exploiting the vulnerability.)
What approach to vulnerability scanning incorporates information from agents running on the target servers?
continuous monitoring
sql map is what scanner
dedicated database vulnerability scanner
what is risk appetite
describes an organization's willingness to tolerate risk in their computing environment
what is s the LEAST likely to interfere with vulnerability scanning results achieved by external penetration testers?
encryption
so what is the most likely to interfere with vulnerability scanning results achieved by external penetration testers?
firewalls! also containerization, & IPS
Gary is conducting a black box penetration test against an organization and is gathering vulnerability scanning results for use in his tests. Which one of the following scans is most likely to provide him with helpful information within the bounds of his test? (full or stealth & then internal or external)
full scan as there is no stealth requirement, and external as it is a black box test so you probs don't have access to internals
Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?
government agency bc of Federal Information Security Management Act (FISMA) requires that government agencies conduct vulnerability scans.
After running an SNMP sweep, Greg finds that he didn't receive any results. If he knows there are no network protection devices in place and that there are devices that should respond to SNMP queries, what problem does he most likely have?
having the incorrect community string
Systems have a ________ impact from a confidentiality perspective if the unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. (Low, moderate, high, extremely high)
moderate
what does the Common Vulnerability Scoring System (CVSS) do
provides a standardized approach for measuring and describing the severity of security vulnerabilities. Jessica could use this scoring system to prioritize issues raised by different source systems.
how often do scans have to be run to comply with PCI DSS
quarterly
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? (Read only, r/w, r/w/x)
read only as Credentialed scans only require read-only access to target servers. Renee should follow the principle of least privilege and limit the access available to the scanner.
Which one of the following activities is not part of the vulnerability management life cycle? (remediation, detection, reporting, testing)
reporting
Which one of the following factors is least likely to impact vulnerability scanning schedules?
staff availability (bc Scan schedules are most often determined by the organization's risk appetite, regulatory requirements, technical constraints, business constraints, and licensing limitations. Most scans are automated and do not require staff availability.)
Adam is conducting a penetration test of an organization and is reviewing the source code of an application for vulnerabilities. What type of code testing is Adam conducting? (Dynamic or static)
static code analysis (Dynamic code analysis requires running the program, and both mutation testing and fuzzing are types of dynamic analysis.)
During an early phase of his penetration test, Mike recovers a binary executable file that he wants to quickly analyze for useful information. Which of the following tools will quickly give him a view of potentially useful information in the binary?
strings. it parses a file for strings of text and outputs them. It is often useful for analyzing binary files, since you can quickly check for useful information with a single quick command-line tool. Netcat, while often called a pen-tester's Swiss Army knife, isn't useful for this type of analysis. Eclipse is an IDE and would be useful for editing code or for managing a full decompiler in some cases.
Nikto is what type of scanner
web application vulnerability
What technique is being used in the following command: host -t axfr domain.com dns1.domain.com
zone transfer. The axfr flag indicates a zone transfer in both dig and host utilities.