Comp Security TestOut Questions


Which of the following would be the best open-source tool to use if you are looking for a web server scanner? A) Nessus B) Nikto C) NetScan D) OpenVAS

B) Nikto

Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed? A) ACK B) RST C) URG D) FIN

B) RST

Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take? A) Implement policies that restrict the sharing of sensitive company information on employees' personal social media pages. B) Review company websites to see what type of sensitive information is being shared. C) Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups. D) Limit the sharing of critical information in press releases, annual reports, product catalogs, or marketing materials.

C) Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.

Which of the following best describes the verification phase of the vulnerability management life cycle? A) Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing. B) Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas. C) Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective. D) Communicate clearly to management what your findings and recommendations are for locking down the systems and patching problems.

C) Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in? A) Covering tracks B) Scanning C) Reconnaissance D) Gaining access

C) Reconnaissance

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back? A) RST B) ACK C) SYN/ACK D) SYN/RST

C) SYN/ACK

Diana, a penetration tester, executed the following command (ls -d testoutdemo.com). Which answer describes what you learn from the information displayed? A) DNS translation is being used. B) There are DNS restrictions in place. C) This is a DNS zone transfer. D) Split DNS is being used.

C) This is a DNS zone transfer.

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using? A) Dumpster diving B) Web surfing C) Social networking D) Social engineering

D) Social engineering

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? A) Vulnerability research B) Vulnerability scanning C) Vulnerability assessment D) Vulnerability management

A) Vulnerability research

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked? A) This scan will help you to determine whether the firewall is stateful or stateless and whether or not the ports are open. B) It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection. C) The scan is sent to the recipient, the feedback is returned to the fake IP address, and then there is no record of your IP address sending the requests. D) As long as you are not bombarding the system, the packet segments float by without concern.

B) It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.

Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find? A) The domain admins B) The domain guests C) The built-in administrator D) The built-in guest

D) The built-in guest

The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model? A) Transport Layer B) Session Layer C) Network Layer D) Application Layer

D) Application Layer

Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command? A) nmap -sN --script=banner ip_address B) nmap -sT --script=banner ip_address C) nmap -sV --script=banner ip_address D) nmap -sX --script=banner ip_address

C) nmap -sV --script=banner ip_address

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system? A) Wardialing B) Wardriving C) Banner grabbing D) Firewalking

C) Banner grabbing

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run? A) nmap --script nmap-vulners -sV 10.10.10.195 B) nmap -sC nmap-vulners -sV 10.10.10.195 C) nmap --script vulners -sV 10.10.10.195 D) nmap -sC vulners -sV 10.10.10195

A) nmap --script nmap-vulners -sV 10.10.10.195

Which of the following is the difference between an ethical hacker and a criminal hacker? A) An ethical hacker is nice, clean, and polite, but a criminal hacker isn't. B) A criminal hacker is easily detected, but an ethical hacker isn't. C) An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission. D) A criminal hacker is all-knowing, but an ethical hacker isn't.

C) An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.

Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers? A) CISA B) CVE C) CAPEC D) CWE

C) CAPEC

Which of the following enumeration tools provides information about users on a Linux machine? A) Null session B) PsTools C) finger D) SuperScan

C) finger

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content? A) ping B) Currports C) IP Tools D) Colasoft

D) Colasoft

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data? A) FIN B) SYN C) URG D) PSH

D) PSH

There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site? A) A mailing list that often shows the newest vulnerabilities before other sources. B) A list searchable by mechanisms of attack or domains of attack. C) A community-developed list of common software security weaknesses. D) A list of standardized identifiers for known software vulnerabilities and exposures.

A) A mailing list that often shows the newest vulnerabilities before other sources.

Which of the following best describes active scanning? A) A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws. B) A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times. C) A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown. D) A scanner tries to find vulnerabilities without directly interacting with the target network.

A) A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report? A) A vulnerability scanner B) A port scanner C) An antivirus scanner D) A malware scanner

A) A vulnerability scanner

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? A) Application flaws B) Open services C) Buffer overflows D) Default settings

A) Application flaws

Which of the following are the three metrics used to determine a CVSS score? A) Base, temporal, and environmental B) Risk, temporal, and severity C) Base, change, and environmental D) Risk, change, and severity

A) Base, temporal, and environmental

The list of cybersecurity resources below is provided by which of the following government sites?
Information exchange
Training and exercises
Risk and vulnerability assessments
Data synthesis and analysis
Operational planning and coordination
Watch operations
Incident response and recovery
A) CISA B) CVE C) CAPEC D) CWE

A) CISA

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used? A) Idle scan B) Xmas tree scan C) NULL scan D) Full open scan

A) Idle scan

Which of the following is the most basic way to counteract SMTP exploitations? A) Ignore messages to unknown recipients instead of sending back error messages. B) Monitor ports, remove agents, update systems, and change default passwords. C) Restrict zones to ensure where zones are copied, use digital signatures, and split zones. D) Review and implement the security settings and services available with your server software.

A) Ignore messages to unknown recipients instead of sending back error messages.

Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use? A) Nessus B) NetScan C) Retina CS D) Nikto

A) Nessus

Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers? A) nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine) B) nc -n -s 2222 (manager's computer) and nc -lp 192.168.34.91 2222 (Shawn's machine) C) nc -l -s 2222 (manager's computer) and nc -pv 192.168.34.91 2222 (Shawn's machine) D) nc -l -p 2222 (manager's computer) and nc -sv 192.168.34.91 2222 (Shawn's machine)

A) nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats? A) Port scan B) Decoy scan C) Network scan D) Vulnerability scan

D) Vulnerability scan

Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful? A) ARIN B) Nslookup C) beSTORM D) Whois

D) Whois

You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep? A) nmap -sU 172.125.68.1-255 B) nmap -sM 172.125.68.1-255 C) nmap -sn 172.125.68.1-255 D) nmap -sS 172.125.68.1-255

D) nmap -sS 172.125.68.1-255

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items:
Inspecting physical security
Checking open ports on network devices and router configurations
Scanning for Trojans, spyware, viruses, and malware
Evaluating remote management processes
Determining flaws and patches on the internal network systems, devices, and servers
Which of the following assessment tests is being performed? A) Internal assessment B) Active assessment C) Passive assessment D) External assessment

A) Internal assessment

What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information? A) Maltego B) Wayback Machine C) Google Earth D) Echosec

A) Maltego

You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use? A) SecurityMetrics Mobile B) Nessus Professional C) Network Scanner D) Retina CS for Mobile

A) SecurityMetrics Mobile

LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use? A) TCP/UDP 389 B) TCP/UDP 3268 C) TCP/UDP 53 D) TCP/UDP 445

A) TCP/UDP 389

Which of the following best describes IPsec enumeration? A) Is used by most email servers and clients to send email messages. B) Is used to manage devices such as routers, hubs, and switches. C) Uses SIP to enable voice and video calls over an IP network. D) Uses ESP, AH, and IKE to secure communication between VPN endpoints.

D) Uses ESP, AH, and IKE to secure communication between VPN endpoints.

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses? A) External assessment B) Passive assessment C) Host-based assessment D) Vulnerability assessment

D) Vulnerability assessment

Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing? A) Split DNS B) Proxy server C) DNS propagation D) Information sharing policy

A) Split DNS

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services? A) Enumeration B) Sniffing C) Scanning D) Reconnaissance

A) Enumeration

Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in? A) Remediation B) Risk assessment C) Verification D) Create a baseline

B) Risk assessment

A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file? A) Usernames and passwords B) No usernames or passwords C) Usernames, but no passwords D) The root username and password

C) Usernames, but no passwords

Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses? A) The monitoring phase B) The risk assessment phase C) The verification phase D) The remediation phase

D) The remediation phase

Which enumeration process tries different combinations of usernames and passwords until it finds something that works? A) Zone transfers B) Exploiting SMTP C) Default passwords D) Brute force

D) Brute force

Which of the following solutions creates the risk that a hacker might gain access to the system? A) Service-based B) Product-based C) Tree-based D) Inference-based

A) Service-based

You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do? A) Decide the best times to test to limit the risk of having shutdowns during peak business hours. B) Choose the best security assessment tools for the systems you choose to test. C) Create reports that clearly identify the problem areas to present to management. D) Define the effectiveness of the current security policies and procedures.

D) Define the effectiveness of the current security policies and procedures.

It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand? A) The risks associated with enforcing security procedures and what threats may have been overlooked. B) How to define the effectiveness of the current security policies and procedures. C) They need a plan of action to control weaknesses and harden systems. D) Hackers have time on their side, and there will always be new threats to security.

D) Hackers have time on their side, and there will always be new threats to security.

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used? A) Fingerprinting B) Ping sweep C) Stealth D) Wardialing

D) Wardialing

Which of the following best describes telnet? A) An online tool that is used to obtain server and web server information. B) A Linux tool that analyzes network traffic and returns information about operating systems. C) A tool that connects to an open TCP port and returns anything sent in a five-second period. D) The tool of choice for banner grabbing that operates on port 23.

D) The tool of choice for banner grabbing that operates on port 23.

Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in? A) /etc/shadow B) /etc/group C) /etc/passwd D) /etc/services

A) /etc/shadow

Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials? A) A printed materials policy B) A company social media policy C) An employee social media policy D) An internet policy

A) A printed materials policy

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time it was created. Which of the following scanning tools should you use? A) Currports B) Hping3 C) IP tools D) Angry IP scanner

A) Currports

Which of the following best describes the scan with ACK evasion method? A) Helps determine whether the firewall is stateful or stateless and whether or not the ports are open. B) Returns feedback to the fake IP address and ensures there is no record of the IP address sending the requests. C) Filters incoming and outgoing traffic, provides you with anonymity, and shields you from possible detection. D) Sends packets and breaks them apart so intrusion detection systems don't know what they are.

A) Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

Which of the following is an online tool that is used to obtain server and web server information? A) P0f B) Netcraft C) nmap D) Telnet

B) Netcraft

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use? A) Netcraft B) P0f C) Shodan D) Telnet

B) P0f

Which of the following ports are used by null sessions on your network? A) 139 and 445 B) 137 and 443 C) 139 and 444 D) 135 and 445

C) 139 and 444

Which of the following assessment types can monitor and alert on attacks but cannot stop them? A) Vulnerability B) Host-based C) Passive D) External

C) Passive

First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing? A) Stress B) Patch level C) Penetration D) Baseline

C) Penetration

What port does a DNS zone transfer use? A) TCP 53 B) TCP 139 C) TCP 445 D) TCP 23

C) TCP 445

Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool? A) Echosec B) Google Maps C) Wayback Machine D) Maltego

D) Maltego

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used? A) Decoy scan B) Port scan C) Vulnerability scan D) Network scan

D) Network scan

John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated? A) A company social media policy B) An internet policy C) A printed materials policy D) An employee social media policy

B) An internet policy

The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan? A) Assessment B) Classification C) Target D) Services

B) Classification

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees? A) Intellectual property, critical business functions, and management hierarchy B) Contact names, phone numbers, email addresses, fax numbers, and addresses C) Geographical information, entry control systems, employee routines, and vendor traffic D) Operating systems, applications, security policies, and network mapping

B) Contact names, phone numbers, email addresses, fax numbers, and addresses

Which of the following services is most targeted during the reconnaissance phase of a hacking attack? A) DoS B) DNS C) DHCP D) TLS

B) DNS

Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using? A) Beyond Trust B) Fingerprinting C) Ping sweep D) Wardialing

B) Fingerprinting

Which of the following assessment types focuses on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? A) Passive assessment B) Host-based assessment C) Wireless network assessment D) External assessment

B) Host-based assessment

Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern? A) Tree-based B) Inference-based C) Service-based D) Product-based

B) Inference-based

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking? A) Permission and documentation B) Information gathering techniques C) Information types D) Maintaining access

B) Information gathering techniques

Which of the following best describes the Qualys Vulnerability Management assessment tool? A) It scans for known vulnerabilities, malware, and misconfigurations. B) It is a cloud-based service that keeps all your data in a private virtual database. C) It has more than 50,000 vulnerability tests with daily updates. D) It scans for more than 6,000 files and programs that can be exploited.

B) It is a cloud-based service that keeps all your data in a private virtual database.

After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked? A) SNMP B) LDAP C) SMTP D) DNS

B) LDAP

Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question? A) CVSS B) NVD C) CWE D) CVE

B) NVD

Whois, Nslookup, and ARIN are all examples of: A) IoT hacking tools B) Network footprinting tools C) Internet research tools D) Google hacking tools

B) Network footprinting tools

Which of the following includes a list of resolved vulnerabilities? A) Statistical vulnerability report B) Security vulnerability summary C) Statistical vulnerability summary D) Security vulnerability report

B) Security vulnerability summary

What does the Google Search operator allinurl:keywords do? A) Shows results in pages that contain the keyword in the title. B) Shows results in pages that contain all of the listed keywords. C) Displays websites where directory browsing has been enabled. D) Displays web sites similar to the one listed.

B) Shows results in pages that contain all of the listed keywords.

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used? A) Digital signatures B) Split DNS C) DNS zone restriction D) DNS zone transfer

B) Split DNS

You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use? A) nmap -sS xyzcompany.com B) nmap -sV xyzcompany.com C) nmap -sT xyzcompany.com D) nmap -sA xyzcompany.com

B) nmap -sV xyzcompany.com

Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks? A) Scany B) SNscan C) Colasoft D) Currport

B) SNscan

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use? A) Network Topology Manager B) Scany C) Colasoft D) NetAuditor

B) Scany

This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described? A) CISA B) NVD C) CWE D) CVE

C) CWE

Which of the following scans is used to actively engage a target in an attempt to gather information about it? A) Network scan B) Vulnerability scan C) Port scan D) TCP scan

C) Port scan
