Chapter Quiz: CompTIA PenTest+ (PT0-001): 3 Select Your Attacks (Michael Solomon LinkedIN

Question 1

Which attack has the main goal of convincing an authorized user to carry out some action that you, as the attacker, cannot accomplish with just limited access?

A.man-in-the-middle
B.social engineering
C.phishing
D.masquerading

Answer 1

B.social engineering

Question 2

The command within Kali to install sendmail is _____.

A.install sendmail
B.apt- install sendmail
C. get install sendmail
D.apt-get install sendmail

Answer 2

D.apt-get install sendmail

Question 3

Network exploits that attack mail flowing in and out of a particular device are targeting which protocol?

A.Telnet
B.SMTP
C.FTP
D.SNMP

Answer 3

B.SMTP

Question 4

The Metasploit command to use the vsftpd 234 backdoor exploit is _____.

A.msf exploit(ms08_067_netapi) > exploit -j
B.use exploits/unix/ftp/vsftpd_234_backdoor
C.run msf exploit(ms08_067_netapi) > exploit D.execute exploits /unix/ftp/vsftpd_234_backdoor

Answer 4

B.use exploits/unix/ftp/vsftpd_234_backdoor

Question 5

DNS cache poisoning is an example of what type of attack?

A.SQL Injection
B.tear-drop
C.Wireless exploit
D.man-in-the-middle

Answer 5

D.man-in-the-middle

Question 6

A(n) _____ is a rogue access point that is typically going to use the same SSID as a valid SSID or a valid WAP, and you are going to get your clients or your victims to connect to it.

A.snarf
B.ssid
C.fakessid
D.evil twin

Answer 6

D.evil twin

Question 7

Which command in SQL means you’re going to add another command and you’re going to produce the output as the combination of the two outputs?

A.union
B.merge
C.combine
D.join

Answer 7

A.union

Question 8

This application exploit is designed to send a user to a different site from what they were expecting.

A.credential harvesting
B.session hijacking
C.phishing
D.redirecting

Answer 8

D.redirecting

Question 9

How should a pen tester think?

A.like a manager
B.like a tester
C.like an attacker
D.like a developer

Answer 9

C.like an attacker

Question 10

Which of the following is not a stage of the kill chain?

A.Reconnaissance
B.Weaponisation
C.Exploitation
D.Revalidation

Answer 10

D.Revalidation

Question 11

We can use DOS commands in Powershell.

A.TRUE
B.FALSE

Answer 11

A.TRUE

Question 12

The expression nc 10.0.2.8 4545 will listen for connections

A.TRUE
B.FALSE

Answer 12

B.FALSE

Question 13

Which switch or switches are used to identify the operating system?

A.sn
B.sU
C.PS
D.O

Answer 13

D.O

Question 14

What switch is used to save tcpdump output as a pcap file?

A.ip4
B.w
C.p
D.c

Answer 14

B.w

Question 15

What does the -es switch do when used with netstat?

A.shows the process id associated with connections
B.show tcp ports
C.list all active servers
D.shows the number of active and passive ports

Answer 15

D.shows the number of active and passive ports

Question 16

What Nishang command do we use if we want to create a maliciously modified excel spreadsheet?

A.Out-Excel
B.Bypass-Doc
C.Inject-X
D.Brute-Excel

Answer 16

D.Brute-Excel

Question 17

We must always use a RETURN command to exit a function in Bash.

A.TRUE
B.FALSE

Answer 17

B.FALSE

Question 18

What expression do we use to access the second command line argument in Bash?

A.$1
B.$2
C.arg2
D.arg1

Answer 18

$2

Question 19

Scapy allows us to spoof the source address and port in a packet.

A.TRUE
B.FALSE

Answer 19

A.TRUE

Question 20

We have to declare variable types in Python before we use them.

A.TRUE
B.FALSE

Answer 20

B.FALSE

Question 21

What library do we need to import to access command line arguments in Python?

A.sys
B.command
C.system
D.cmd

Answer 21

A.sys

Question 22

What value is returned from the Python socket library expression s.connect_ex() if the socket is open?

A.0
B.1
C.FFF
D.-1

Answer 22

A.0

Question 23

What method do we use from the urllib library to connect to a website?

A.urlHTTP
B.urlget
C.urlopen
D.urlconnect

Answer 23

C.urlopen

Question 24

What is the purpose of the expression meta.rc in the command os.system(‘msfconsole -r meta.rc’)?

A.To tell metasploit to invoke the meterpreter
B.to identify processing and memory resources
C.to specify the file containing metasploit commands
D.to capture the output from the metasploit run

Answer 24

C.to specify the file containing metasploit commands

Question 25

What library do we import to access SQLite databases in Python?

A.sqlite3
B.SQL
C.sqlite1
D.sqeual

Answer 25

A,sqllite3

Question 26

What does the searchsploit tool in Kali do?

A.Tests a system for exploitability
B.queries the Offensive Security Exploits Database
C.embeds malicious code into a search engine
D.,does a web scan looking for vulnerable search engines

Answer 26

B.queries the Offensive Security Exploits database

Question 27

What command do I use in metasploit to select an exploit?

A.get
B.use
C.exploit
D.set exploit

Answer 27

B.use

Question 28

Which port does OpenVas use for its portal?

A.4444
B.3777
C.9392
D.8080

Answer 28

C.9392

Question 29

What are the two key ways of testing a website?

A.crawling, intercepting
B.spidering, crawling
C.hacking, defacing
D.intercepting, inserting

Answer 29

A.crawling, intercepting

Question 30

If we want to test a website by changing data going in, what do we need to do?

A.display the request tab
B.set intercept on
C.set our browser to proxy
D.all of these answers

Answer 30

D.all of these answers

Question 31

What is the purpose of the -h switch in Nikto?

A.to get help
B.to specify the host
C.to halt execution after a set period
D.to specify hexadecimal addresses

Answer 31

B.to specify the host

Question 32

Which tool or tools can we use to fingerprint a web server?

A.uniscan
B.httprint
C.httprecon
D.all of these answers

Answer 32

D.all of these answers

Question 33

Zoe is reviewing debugger tools that will work across platforms. Which tool would you recommend Zoe use?

A.WinDBG
B.IDA
C.FIndBugs
D.GDB

Answer 33

B.IDA (Interactive Disassembler)

Question 34

Chun is searching for a wireless and a web pen testing tool. In order for him to see all the network traffic around him, which environment should he refrain from using?

A.A Linux environment
B.A Kali Linux Environment
C.A Windows Environment
D.A macOS environment

Answer 34

C.A Windows Environment

Question 35

What do SSH, NCAT, NETCAT, and Proxychains tools do?

A.These are web server tools that help you identify vulnerabilities
B.These are open source research tools that help you analyze responses from other tools
C,These are web pen testing tools that help you see everything ina network
D.these are remote access tools that help you give you remote access to a target resource

Answer 35

D.these are remote access tools that help you give you remote access to a target resource

Question 36

Which benefit of Kali Linux would help you hone in on the tool you need?

A.It is open source
B.It has hundred of tools
C.It is organized by use cases
D.It is free

Answer 36

C.It is organized by use cases

Question 37

You are looking for a penetration tool that will help you discover user IDs. Which tool can do this?

A.Nikto
B.Nessus
C.OpenVAS
D.John the Ripper

Answer 37

D.John the Ripper

Question 38

Which tool would you use as a security scanner to discover as many hosts and services as you can on a computer network?

A.nmap -sT
B.nmap -sS
C.nmap -A
D.nmap sA

Answer 38

C.nmap -A

Question 39

Why would a pen tester choose to use Kali Linux?
A.It has all the tools you need to do a pentest
B.It is free and a simulated version of Linux RedHat
C.Its easily available and accessible, and you can use it in different ways
D.It is the only Linux OS that is available to do pen testing.

Answer 39

C.Its easily available and accessible, and you can use it in different ways

Question 40

What Nmap command can you use to scan an IPv6 address?

A.nmap -longaddr
B.nmap -no4
C.nmap -6
D.nmap -ipv6

Answer 40

C.nmap -6

Question 41

What flag should you provide to Nmap to run a UDP scan?

A.nmap -connectionless
B.`nmap -sU
C.nnap -UDP
D.nmap -sUDP

Answer 41

B.`nmap -sU

Question 42

What type of TCP scan can you run with Nmap without root administrative privileges?

A.TCP NULL
B.TCP SYN
C.Xmas
D.TCP Connect

Answer 42

D.TCP Connect

Question 43

What Nmap command allows you to specify the DNS server to use for reverse resolution?

A.nmap –dns-servers
B.nmap –reverse-server
C.nmap –system-dns
D.nmap –rdns-server

Answer 43

A.nmap –dns-servers

Question 44

What Nmap command disables host discovery?

A.nmap -0
B.nmap -off
C.nmap -Pn
D.nmap –no-host-discovery

Answer 44

C.nmap -Pn

Question 45

Which one of the following Nmap timing templates is the most aggressive?

A.-T2
B.-T5
C.-T3
D.-T0

Answer 45

B.-T5

Question 46

How many ports will Nmap scan by default?

A.100
B.65535
C.1024
D.1000

Answer 46

D.1000

Question 47

This Nmap command activates service version detection:

A.-vS
B.-sV
C.–serv-version
D.–service

Answer 47

B.-sV

Question 48

This Nmap command activates operating system detection:

A.-OSC
B.-O
C.–os-detect
D.-OS

Answer 48

B.-O

Question 49

What Nmap command generates an output file in human-readable text form?

A.-oT
B.-oX
C.-oG
D.-oN

Answer 49

D.-oN

Question 50

What Nmap command triggers verbose mode?

A.–verbose-mode
B.–details
C.-v
D.–full-report

Answer 50

C.-v