Ethical Hacking Module 7
Which of the following best describes active scanning? A scanner tries to find vulnerabilities without directly interacting with the target network. A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws. A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times. A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown.
A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.
Which of the following are the three metrics used to determine a CVSS score? Base, change, and environmental Base, temporal, and environmental Risk, temporal, and severity Risk, change, and severity
Base, temporal, and environmental
Which of the following solutions creates the risk that a hacker might gain access to the system? Inference-based Tree-based Service-based Product-based
Service-based
Which of the following would be the best open-source tool to use if you are looking for a web server scanner? Nikto NetScan OpenVAS Nessus
Nikto
On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run? nmap --script vulners -sV 10.10.10.195 nmap -sC vulners -sV 10.10.10.195 nmap --script nmap-vulners -sV 10.10.10.195 nmap -sC nmap-vulners -sV 10.10.10.195
nmap --script nmap-vulners -sV 10.10.10.195
This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described? CVE CISA CWE NVD
CWE
Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? External assessment Host-based assessment Passive assessment Wireless network assessment
Host-based assessment
In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses? Vulnerability assessment External assessment Host-based assessment Passive assessment
Vulnerability assessment
First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing? Baseline Stress Patch level Penetration
Penetration
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use? Nessus Professional Retina CS for Mobile Network Scanner SecurityMetrics Mobile
SecurityMetrics Mobile
The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan? Assessment Services Classification Target
Classification
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand? The risks associated with enforcing security procedures and what threats may have been overlooked. They need a plan of action to control weaknesses and harden systems. How to define the effectiveness of the current security policies and procedures. Hackers have time on their side, and there will always be new threats to security.
Hackers have time on their side, and there will always be new threats to security.
There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site? A mailing list that often shows the newest vulnerabilities before other sources A community-developed list of common software security weaknesses A list searchable by mechanisms of attack or domains of attack A list of standardized identifiers for known software vulnerabilities and exposures
A mailing list that often shows the newest vulnerabilities before other sources
Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers? CWE CAPEC CISA CVE
CAPEC
The list of cybersecurity resources below are provided by which of the following government sites? •Information exchange •Training and exercises •Risk and vulnerability assessments •Data synthesis and analysis •Operational planning and coordination •Watch operations •Incident response and recovery CAPEC CISA CWE CVE
CISA
Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report? A port scanner A vulnerability scanner A malware scanner An antivirus scanner
A vulnerability scanner
As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use? CAPEC CISA CVSS CVE
CVSS
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do? Decide the best times to test to limit the risk of having shutdowns during peak business hours. Choose the best security assessment tools for the systems you choose to test. Define the effectiveness of the current security policies and procedures. Create reports that clearly identify the problem areas to present to management.
Define the effectiveness of the current security policies and procedures.
Which of the following assessment types can monitor and alert on attacks but cannot stop them? Passive External Vulnerability Host-based
Passive
Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? Vulnerability management Vulnerability research Vulnerability assessment Vulnerability scanning
Vulnerability research
Clive, penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use? Nessus Nikto Retina CS NetScan
Nessus
This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? Default settings Application flaws Buffer overflows Open services
Application flaws
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in? Risk assessment Remediation Create a baseline Verification
Risk assessment
Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses? The verification phase The remediation phase The risk assessment phase The monitoring phase
The remediation phase
Which of the following includes a list of resolved vulnerabilities? Security vulnerability summary Security vulnerability report Statistical vulnerability report Statistical vulnerability summary
Security vulnerability summary
Which of the following best describes the verification phase of the vulnerability management life cycle? Communicate clearly to management what your findings and recommendations are for locking down the systems and patching problems. Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing. Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas. Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern? Inference-based Tree-based Service-based Product-based
Inference-based
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question? CVSS CVE CWE NVD
NVD
An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: •Inspecting physical security •Checking open ports on network devices and router configurations •Scanning for Trojans, spyware, viruses, and malware •Evaluating remote management processes •Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed? Active assessment Passive assessment Internal assessment External assessment
Internal assessment
Which of the following best describes Qualys Vulnerability Management assessment tool? It has more than 50,000 vulnerability tests with daily updates It scans for known vulnerabilities, malware, and misconfigurations It is a cloud-based service that keeps all your data in a private virtual database It scans for more than 6,000 files and programs that can be exploited
It is a cloud-based service that keeps all your data in a private virtual database
