Chapter 5: Security Assessment and Testing

Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred? False positive False negative True positive True Negative

False Positive

Grace would like to determine the operating system running on the system that she is targeting in a penetration test. Which of the following techniques will most directly provide her with this information? Port scanning Footprinting Vulnerability scanning Packet capture

Footprinting is specifically designed to elicit this information

Which of the following values for the CVSS attack complexity metric would indicate that the specific attack is the simplest to exploit?

Low

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk would this vulnerability fall into? Low Medium High Critical

Medium

Which of the following security assessment tools is least likely to be used during a reconnaissance phase of a penetration test? Nmap Nessus Metasploit Nslookup

Metaploit is used to execute and attack and would be better suited for attacking and exploiting during the exploiting phase.

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? Domain administrator Local administrator Root Read-only

Read-Only

Kevin is participating in a security exercise for his organization. His role in the exercise is to use hacking techniques to attempt to gain access to the organization's system. What role is Kevin playing in this exercise? Red team Blue team Purple Team White team

Red Team

Which of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of the compromise? Vulnerability scanning Penetration testing Threat hunting War driving

Threat hunting

Which of the following tools is most likely to detect a XSS vulnerability? Static application test Web application vulnerability scanner Intrusion detection system Network vulnerability scan

Web application vulnerability scanner because XSS means cross-site scripting vulnerability.

Which element of the SCAP framework can be used to consistently describe vulnerabilities? CPE CVE CVSS CCE

(CVE) Common Vulnerabilities and Exposure provides standards used to describe vulnerabilities.

Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information? Contract statement work rules of engagement lessons learner report

(RoE) Rules of engagement

Which of the following assessment techniques is designed to solicit participation from external security experts and reward them for discovering vulnerabilities? Threat hunting Penetration testing Bug bounty Vulnerability scanning

Bug bounty

Brian ran a penetration test against a school's grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity? Confidentiality Integrity Alteration Availability

Integrity because it is unauthorized modification of information

During a penetration test from the Internet, Patrick deploys a toolkit on a compromised system and uses it to gain access to the other system on the same network. What term best describes this activity? Lateral Movement Privilege escalation Footprinting OSINT

Lateral Movement

Which of the following CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack? AV C PR AC

PR is privileges required

Kyle is conducting a penetration test. After gaining access to the organization's database serve, he installs a backdoor on the server to grant himself access in the future. What term best describes this action? Privilege escalation Lateral movement Maneuver Persistence

Persistence

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan? Run the scan against production systems Run the scan during business hours. Run the scan in a test environment. Do not run the scan to avoid disrupting the business.

Run the scan in a test environment.

Which of the following techniques would be considered passive reconnaissance? Port scans Vulnerability scan WHOIS lookups Footprinting

WHOIS use external registries and are an example of OSINT. The rest are active reconnaissance techniques.

Bruce is conducting a penetration test for a client. The client provided him with the detailsof their system in advance. What type of test is Bruce conduction? Gray box Blue box White box Black box

White box