PenTest+ - Chapters 1-6
Lucy wants to conduct an nmap scan that does not use a ping before scanning systems. What flag should she use to stop pings from occurring?
-Pn
Which of the following Nmap output formats is unlikely to be useful for a penetration tester?
-oA
Lucca executes the following command during a penetration test. What has he attempted? dig axfr @target.nameserver.com domain.name
A Zone Transfer
Peter uses CeWL as part of the password attack he intends to conduct. What type of attack is he preparing for?
A dictionary attack
Ken is planning to conduct a vulnerability scan of an organization as part of a penetration test. He is conducting a black box test. When would it be appropriate to conduct an internal scan of the network?
After compromising an internal host
Wanda's organization is covered by the PCI DSS credit card processing requirements. What is the minimum frequency with which she must conduct penetration tests?
Annually
The Command and Control phase of the Cyber Kill Chain occurs during what phase of a penetration test?
Attacking and Exploiting
What penetration testing strategy is also known as "zero knowledge" testing?
Black box testing
Theresa wants to reference software architecture vulnerabilities using a common scheme. Which tool could she use to do this?
CVE
A full connect scan (nmap -sT) will bypass many types of firewalls.
False
A sample word list is all that is needed to run John the Ripper against a hashed password file that is acquired from a compromise.
False
An insider threat is the most severe threat an organization is likely to face from the adversary tier.
False
Cloud service providers can be assessed without prior agreements due to their public-facing services.
False
Due to security vulnerabilities in earlier versions, administrators should only configure the use of SSL version 3.
False
Hashcat relies on rainbow tables to quickly look up precomputed hashes using a GPU-driven algorithm.
False
Organized crime syndicates are most likely to use pre-written tools and scripts in their efforts to attack systems and steal data.
False
PCI DSS requires the use of an outside consultant to perform internal vulnerability scans.
False
Penetration testers are only effective if they have experience as malicious hackers.
False
Penetration tests should only be performed by qualified external teams.
False
PowerSploit includes tools designed to maintain persistence on Linux systems.
False
Red team assessments have full knowledge of the target environment.
False
Telnet is a viable protocol to use for terminal administration across public networks such as the internet.
False
Telnet provides encrypted command-line access to remote systems.
False
Which of the following tools is fastest when the password rules are known beforehand, allowing preparation for offline brute-force password hash cracking?
Hashcat
Which one of the following is an example of a credential testing tool?
Hashcat
Yvette is interpreting a vulnerability that has a CVSS base score of 9.3. What risk category would this vulnerability fit into?
High
What is the central authority for IP addresses?
IANA
What control provides the best protection against both SQL injection and cross-site scripting attacks?
Input validation
Alan is evaluating the potential impact of a confidentiality risk and determines that the disclosure of information contained on a system could have a limited adverse effect on the organization. Using FIPS 199, how should he classify the confidentiality impact?
Low
Which one of the following security assessment tools is not commonly used during the information gathering and vulnerability identification phase of a penetration test?
Metasploit
Which of the following is not one of the three main goals of cybersecurity?
Non-repudiation
What step is the most important when conducting a penetration test?
Obtaining a signature from a proper signing authority
Beth is preparing her organization for the required quarterly PCI DSS external vulnerability scan. Who may perform the scan?
Only an approved scanning vendor
What built-in Windows server administration tool can allow command-line PowerShell?
PSRemote
Angela discovers Telnet in use for remote command-line access on a network she is assessing. What type of attack will work against Telnet that would not work against ssh?
Packet sniffing
Nick connects to a service on TCP 3389. What remote access tool is he most likely connecting to?
RDP
Which one of the following is an insecure protocol that should not be used?
Telnet
Gary is interpreting a vulnerability scan report and finds a vulnerability in a system that has a CVSS access vector rating of A. Which one of the following statements is correct based upon this information?
The attacker must have access to the local network that the system is connected to.
Charles agrees to run a vulnerability scan against a non-production system rather than the production instance as part of a white box penetration test. What type of concern is most likely behind this agreement?
The organization's tolerance to impact
An MSA sets up the ongoing contractual framework for two organizations to work together.
True
Analysts prioritizing vulnerabilities for remediation should consider the difficulty of remediation when assigning priorities.
True
Cross-compiling code is used to make code run on other architectures.
True
Discovery scans provide organizations with an automated way to identify hosts on a network and build an asset inventory.
True
Logs are a common source of information that can be correlated with vulnerability scan results.
True
NSLOOKUP is an open-source information gathering tool.
True
Nikto and W3AF are open-source web application vulnerability scanners.
True
Operating system identification primarily relies on banner grabbing to determine the OS version.
True
Organizations may decide not to remediate vulnerabilities due to conflicting business requirements.
True
Penetration testing provides an organization with a blueprint for remediation.
True
Running an nmap scan is a critical part of gathering OSINT.
True
SCADA systems are an example of the Internet of Things.
True
Shodan provides both port and vulnerability information without running an active scan at the time of the search.
True
Snort is not an example of a vulnerability scanning tool.
True
Some vulnerability scans require account credentials to log on to scanned servers.
True
The full range of ports on which a UDP service can operate is 1-65,535.
True
Which of the following is not a normal consideration for penetration testers who are preparing the scope and rules of engagement of a pen-test?
Whether the organization uses firewalls
Cassandra receives system architecture diagrams and an XML-based API description as part of her penetration testing preparation. What type of penetration test is she running?
White box
Which one of the following operating systems should be avoided on production networks?
Windows Server 2003
What SCAP component provides a language for specifying checklists?
XCCDF
Which one of the following is NOT a vulnerability scanning tool?
Zap
