Penetest+ - Chpt 1-6

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Lucy wants to conduct an nmap scan that does not use a ping before scanning systems. What flag should she use to stop pings from occurring?

-Pn

Which of the following Nmap output formats is unlikely to be useful for a penetration tester?

-oA

Lucca executes the following command during a penetration test. What has he attempted?dig axfr @target.nameserver.com domain.name

A Zone Transfer

Peter uses CeWL as part of the password attack he intends to conduct. What type of attack is he preparing for?

A dictionary attack

Ken is planning to conduct a vulnerability scan of an organization as part of a penetration test. He is conducting a black box test. When would it be appropriate to conduct an internal scan of the network?

After compromising an internal host

Wanda's organization is covered by the PCI DSS credit card processing requirements. What is the minimum frequency with which she must conduct penetration tests?

Annually

The Command and Control phase of the Cyber Kill Chain occurs during what phase of a penetration test?

Attacking and Exploiting

What penetration testing strategy is also known as "zero knowledge" testing?

Black box testing

Theresa wants to reference software architecture vulnerabilities using a common scheme. Which tool could she use to do this?

CVE

A full connect scan (nmap -sT) will bypass many types of firewalls.

False

A sample word list is all that is needed to run John the Ripper against a hashed password file that is acquired from a compromise.

False

An insider threat is the most severe threat an organization is likely to face from the adversary tier.

False

Cloud service providers can be assessed without prior agreements due to their public-facing services.

False

Due to security vulnerabilities in earlier versions, administrators should only configure the use of SSL version 3.

False

Hashcat relies on rainbow tables to quickly look up precomputed hashes using a GPU-driven algorithm.

False

Organized Crime syndicates are most likely to use per-written tools and scripts in their efforts to attack systems and steal data.

False

PCI DSS requires the use of an outside consultant to perform internal vulnerability scans.

False

Penetration testers are only effective if they have experience as malicious hackers.

False

Penetration tests should only be performed by qualified external teams.

False

PowerSploit includes tools designed to maintain persistence on Linux systems.

False

Red team assessments have full knowledge of the target environment.

False

Telnet is a viable protocol to use for terminal administration across public networks such as the internet.

False

Telnet provides encrypted command-line access to remote systems.

False

Which of the following tools is fastest when the password rules are known beforehand, allowing preparation for offline brute-force password hash cracking?

Hashcat

Which one of the following is an example of a credential testing tool?

Hashcat

Yvette is interpreting a vulnerability that has a CVSS base score of 9.3. What risk category would this vulnerability fit into?

High

What is the central authority for IP addresses?

IANA

What control provides the best protection against both SQL injection and cross-site scripting attacks?

Input validation

Alan is evaluating the potential impact of a confidentiality risk and determines that the disclosure of information contained on a system could have a limited adverse effect on the organization. Using FIPS 199, how should he classify the confidentiality impact?

Low

Which one of the following security assessment tools is not commonly used during the information gathering and vulnerability identification phase of a penetration test?

Metasploit

Which of the following is not one of the 3 main goals of Cybersecurity?

Non-repudiation

What step is the most important when conducting a penetration test?

Obtaining a signature from a proper signing authority

Beth is preparing her organization for the required quarterly PCI DSS external vulnerability scan. Who may perform the scan?

Only an approved scanning vendor

What built-in Windows server administration tool can allow command-line PowerShell

PSRemote

Angela discovers Telnet in use for remote command-line access on a network she is assessing. What type of attack will work against Telnet that would not work against ssh?

Packet sniffing

Nick connects to a service on TCP 3389. What remote access tool is he most likely connecting to?

RDP

Which one of the following is an insecure protocol that should not be used?

Telnet

Gary is interpreting a vulnerability scan report and finds a vulnerability in a system that has a CVSS access vector rating of A. Which one of the following statements is correct based upon this information?

The attacker must have access to the local network that the system is connected to.

Charles agrees to run a vulnerability scan against a non-production system rather than the production instance as part of a white box penetration test. What type of concern is most likely behind this agreement?

The organization's tolerance to impact

An MSA sets up the ongoing contractual framework for two organizations to work together.

True

Analysts prioritizing vulnerabilities for remediation should consider the difficulty of remediation when assigning priorities.

True

Cross-compiling code is used to make code run on other architectures.

True

Discovery scans provide organizations with an automated way to identify hosts on a network and build an asset inventory.

True

Logs are a common source of information that can be correlated with vulnerability scan results.

True

NSLOOKUP is an open source information gathering tool

True

Nikto and W3AF are open-source web application vulnerability scanners.

True

Operating system identification primarily relies on banner grabbing to determine the OS version.

True

Organizations may decide not to remediate vulnerabilities due to conflicting business requirements.

True

Penetration testing provides an organization with a blueprint for remediation.

True

Running an nmap scan is a critical part of gathering OSINT.

True

SCADA systems are an example of the Internet of Things.

True

Shodan provides both port and vulnerability information without running an active scan at the time of the search.

True

Snort is not an example of a vulnerability scanning tool?

True

Some vulnerability scans require account credentials to log on to scanned servers.

True

The full range of ports that a UDP service can operate is 1-65,535.

True

Which of the following is not a normal consideration for penetration testers who are preparing the scope and rules of engagement of a pen-test?

Whether the organization uses firewalls

Cassandra receives system architecture diagrams and an XML-based API description as part of her penetration testing preparation. What type of penetration test is she running?

White box

Which one of the following operating systems should be avoided on production networks?

Windows Server 2003

What SCAP component provides a language for specifying checklists?

XCCDF

Which one of the following is NOT a vulnerability scanning tool?

Zap


Ensembles d'études connexes

MTA 98-361 Ch.5 Understanding Desktop Applications Questions

View Set

DH244 interpretation of dental caries

View Set

Listing and Selling HUD Homes (h)

View Set

Nonfiction and Autobiographical Fiction Review

View Set

Chapter 6 life span and development

View Set

Ultimate Study Set MGMT 4500 Exam 1

View Set

Tennessee Laws & Rules Pertinent to Insurance

View Set