Penetration Testing Flashcards

1
Q

Tom is running a penetration test in a web application and discovers a flaw that allows him to shut down the web server remotely. What goal of penetration testing has Tom most directly achieved?

a. Disclosure
b. Integrity
c. Alteration
d. Denial

A

d. Denial. Tom’s attack achieved the goal of denial by shutting down the web server and preventing legitimate users from accessing it.

2
Q

Brian ran a penetration test against a school’s grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school’s cybersecurity team to prevent students from engaging in this type of activity?

a. Confidentiality
b. Integrity
c. Alteration
d. Availability

A

b. Integrity. By allowing students to change their own grades, this vulnerability provides a pathway to unauthorized alteration of information. Brian should recommend that the school deploy integrity controls that prevent unauthorized modifications.

3
Q

Edward Snowden gathered a massive quantity of sensitive information from the National Security Agency and released it to the media without permission. What type of attack did he wage?

a. Disclosure
b. Denial
c. Alteration
d. Availability

A

a. Disclosure. Snowden released sensitive information to individuals and groups who were not authorized to access that information. That is an example of a disclosure attack.

4
Q

Assuming no significant changes in an organization’s cardholder data environment, how often does PCI DSS require that a merchant accepting credit cards conduct penetration testing?

a. Monthly
b. Semiannually
c. Annually
d. Biannually

A

c. Annually. PCI DSS requires that organizations conduct both internal and external penetration tests on at least an annual basis. Organizations must also conduct testing after any significant change in the cardholder data environment.

5
Q

Which one of the following is not a benefit of using an internal penetration testing team?

a. Contextual knowledge
b. Cost
c. Subject matter expertise
d. Independence

A

d. Independence. The use of internal testing teams may introduce conscious or unconscious bias into the penetration testing process. This lack of independence is one reason organizations may choose to use an external testing team.

6
Q

Which one of the following is not a reason to conduct periodic penetration tests of systems and applications?

a. Changes in the environment
b. Cost
c. Evolving threats
d. New team members

A

b. Cost. Repeating penetration tests periodically does not provide cost benefits to the organization. In fact, it incurs cost. However, penetration tests should be repeated because they can detect issues that arise due to changes in the tested environment and the evolving threat landscape. The use of new team members also increases the independence of subsequent tests.

7
Q

Rich recently got into trouble with a client for using an attack tool during a penetration test that caused a system outage. During what stage of the penetration testing process should Rich and his clients have agreed on the tools and techniques that they would use during the test?

a. Planning and Scoping
b. Information Gathering and Vulnerability Scanning
c. Attacking and Exploiting
d. Reporting and Communication Results

A

a. Planning and Scoping. During the Planning and Scoping phase, penetration testers and their clients should agree on the rules of engagement for the test. This should result in a written statement of work that clearly outlines the activities authorized during the penetration test.

8
Q

Which one of the following steps of the Cyber Kill Chain does not map to the Attacking and Exploiting stage of the penetration testing process?

a. Weaponization
b. Reconnaissance
c. Installation
d. Actions on Objectives

A

b. Reconnaissance. The Reconnaissance stage of the Cyber Kill Chain maps to the Information Gathering and Vulnerability Scanning step of the penetration testing process. The remaining six steps of the Cyber Kill Chain all map to the Attacking and Exploiting phase of the penetration testing process.

9
Q

Beth recently conducted a phishing attack against a penetration testing target in an attempt to gather credentials that she might use in later attacks. What stage of the penetration testing process is Beth in?

a. Planning and Scoping
b. Attacking and Exploiting
c. Information Gathering and Vulnerability Scanning
d. Reporting and Communication

A

b. Attacking and Exploiting. While Beth is indeed gathering information during a phishing attack, she is conducting an active social engineering attack. This moves beyond the activities of Information Gathering and Vulnerability Scanning and moves into the realm of Attacking and Exploiting.

10
Q

Which one of the following security assessment tools is not commonly used during the Information Gathering and Vulnerability Scanning phase of a penetration test?

a. Nmap
b. Nessus
c. Metasploit
d. Nslookup

A

c. Metasploit. Nmap is a port scanning tool used to enumerate open network ports on a system. Nessus is a vulnerability scanner designed to detect security issues on a system. Nslookup is a DNS information gathering utility. All three of these tools may be used to gather information and detect vulnerabilities. Metasploit is an exploitation framework used to execute an attack and would be better suited for the Attacking and Exploiting phase of a penetration test.

11
Q

During what phase of the Cyber Kill Chain does an attacker steal information, use computing resources, or alter information without permission?

a. Weaponization
b. Installation
c. Actions on Objectives
d. Command and Control

A

c. Actions on Objectives. The attacker carries out their original intentions to violate the confidentiality, integrity, and/or availability of information or systems during the Actions on Objectives stage of the Cyber Kill Chain.

12
Q

Grace is investigating a security incident where the attackers left USB drives containing infected files in the parking lot of an office building. What stage in the Cyber Kill Chain describes this action?

a. Weaponization
b. Installation
c. Delivery
d. Command and Control

A

c. Delivery. Distributing infected media (or leaving it in a location where it is likely to be found) is an example of the Delivery phase of the Cyber Kill Chain. The process moves from Delivery into Installation if a user executes the malware on the device.

13
Q

Which one of the following is not an open source intelligence gathering tool?

a. WHOIS
b. Nslookup
c. Nessus
d. FOCA

A

c. Nessus. WHOIS and Nslookup are tools used to gather information about domains and IP addresses. FOCA is used to harvest information from files. All three of those tools are OSINT tools. Nessus is a commercial vulnerability scanner.

14
Q

Which one of the following tools is an exploitation framework commonly used by penetration testers?

a. Metasploit
b. Wireshark
c. Aircrack-ng
d. SET

A

a. Metasploit. Metasploit is the most popular exploitation framework used by penetration testers. Wireshark is a protocol analyzer. Aircrack-ng is a wireless network security testing tool. The Social-Engineer Toolkit (SET) is a framework for conducting social engineering attacks.

15
Q

Which one of the following tools is not a password-cracking utility?

a. OWASP ZAP
b. Cain and Abel
c. Hashcat
d. John the Ripper

A

a. OWASP ZAP. Cain and Abel, Hashcat, and John the Ripper are all password-cracking utilities. OWASP ZAP is a web proxy tool.

16
Q

Which of the following vulnerability scanners is specifically designed to test the security of web applications against a wide variety of attacks?

a. OpenVAS
b. Nessus
c. SQLmap
d. Nikto

A

d. Nikto. Nikto is an open source web application security assessment tool. SQLmap does test web applications, but it only tests for SQL injection vulnerabilities. OpenVAS and Nessus are general-purpose vulnerability scanners. Although they can detect web application security issues, they are not specifically designed for that purpose.

17
Q

Which one of the following debugging tools does not support Windows systems?

a. GDB
b. OllyDbg
c. WinDbg
d. IDA

A

a. GDB. OllyDbg, WinDbg, and IDA are all debugging tools that support Windows environments. GDB is a Linux-specific debugging tool.

18
Q

What is the final stage of the Cyber Kill Chain?

a. Weaponization
b. Installation
c. Actions on Objectives
d. Command and Control

A

c. Actions on Objectives. During the Actions on Objectives stage, the attacker carries out the activities that were the purpose of the attack. As such, it is the final stage in the chain.

19
Q

Which one of the following activities assumes that an organization has already been compromised?

a. Penetration testing
b. Threat hunting
c. Vulnerability scanning
d. Software testing

A

b. Threat hunting. Threat hunting assumes that an organization has already been compromised and searches for signs of successful attacks.

20
Q

Alan is creating a list of recommendations that his organization can follow to remediate issues identified during a penetration test. In what phase of the testing process is Alan participating?

a. Planning and Scoping
b. Reporting and Communication
c. Attacking and Exploiting
d. Information Gathering and Vulnerability Scanning

A

b. Reporting and Communication. During the final stage of a penetration test, Reporting and Communication, the testers provide mitigation strategies for issues identified during the test.