Cram Flashcards

1
Q

What standard was developed by business professionals as a best practice guide/methodology for conducting penetration testing?

A

Penetration Testing Execution Standard (PTES)

2
Q

What organization aimed at increasing awareness and provides a framework for testing during each phase of the software development process?

A

Open Web Application Security Project (OWASP)

3
Q

What guide provides different steps for the testing process and outlines the importance of assessing the entire organization, including the people, processes, and technology, during a penetration test?

A

OWASP Testing Guide (OTG)

4
Q

What manual was developed by the Institute for Security and Open Methodologies (ISECOM) and outlines every area of an organization that needs testing and how to conduct the relevant tests?

A

The Open Source Security Testing Methodology Manual (OSSTMM)

5
Q

What framework is considered an open-source resource available to cybersecurity professionals and is comprised of documents that relate to penetration testing, such as guidelines on business continuity and disaster recovery along with legal and regulatory compliance?

A

The Information Systems Security Assessment Framework (ISSAF)

6
Q

What framework provides tools and techniques displayed as columns in a matrix that describe different tasks conducted by an attacker or penetration tester during an engagement?

A

The “MITRE ATT&CK” (Adversarial Tactics, Techniques & Common Knowledge) framework

7
Q

What contract agreement is reached between two or more parties where each party agrees to most terms that will govern all other future transactions and agreements?

A

Master Services Agreement (MSA)

8
Q

What agreement covers conditions such as: payment terms, product warranties, intellectual property ownership, dispute resolution, allocation of risk, indemnification, corporate social responsibility, business ethics, and network facility access?

A

Master Services Agreement (MSA)

9
Q

What formal document, employed in the field of project management and provisional found in the MSA, explains the problem to be solved, work activities, project deliverables, and timeline for work completion?

A

Statement of Work (SOW)

10
Q

What document addresses purpose, scope of work, location of work, period of performance, deliverables schedule, applicable industry standards, acceptance criteria, special requirements, and payment schedule?

A

Statement of Work (SOW)

11
Q

What document puts into writing the guidelines and constraints regarding the execution of a pentest (what is and is not authorized)?

A

Rules of Engagement (RoE)

12
Q

What document elaborates on these subjects: scope, location, applicable industry standards, and timelines?

A

Rules of Engagement (RoE)

13
Q

What does an XML injection do?

A

Manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter an application’s intended logic. XML Injection can cause the insertion of malicious content into resulting messages/documents.

14
Q

What is the difference between Password spraying & Credential stuffing?

A

Credential stuffing is the automated injection of breached username/password pairs VS. Password spraying refers to the attack method that takes many usernames and loops them with a single password or multiple iterations using many different passwords.

15
Q

What attack uses a specially crafted URL that includes attack code that will cause information that users enter into their web browser to be sent to the attacker?

A

Cross-Site Scripting (XSS)

16
Q

What is CSRF?

A

Cross-Site Request Forgery - a client-side injection attack that causes a user to perform an action they do not intend against a trusted website.

17
Q

What is a Dictionary Attack?

A

A technique for defeating a cipher or authentication mechanism by trying hundreds or millions of likely possibilities, such as words in a dictionary.

18
Q

What is the difference between Bluejacking & Bluesnarfing?

A

Bluejacking sends unsolicited messages over Bluetooth VS. Bluesnarfing involves taking data from a smartphone or tablet over Bluetooth without permission.

19
Q

What system is designed to protect network devices based on ports, protocols, and signatures?

A

Intrusion Prevention System (IPS)

20
Q

De-confliction is the process of… ?

A

Distinguishing a pentest from an actual compromise or other activity to help resolve contradictory conclusions or responses.

21
Q

What is De-escalation?

A

A process for addressing potential issues as quickly as possible in order to minimize or mitigate impact.

22
Q

What do fraggle, teardrop, and Smurf attacks have in common?

A

They are all a form of DoS.

-A fraggle attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router’s broadcast address.
-A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented TCP packets to a target machine.
-The Smurf attack is a distributed denial-of-service attack (DDoS). Large numbers of ICMP packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.

23
Q

What type of technique is MAC flooding?

A

A technique employed to compromise the security of switched network devices. It forces legitimate MAC addresses out of the CAM table in the switch and forces a unicast flooding behavior, potentially sending sensitive information to portions of the network where it is not normally intended to go.

24
Q

What is a karma attack?

A

A variant of the evil twin attack that exploits the behavior of a wireless client trying to connect to its preferred network list.

25
Q

What is a pass the hash attack?

A

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network

26
Q

What is the difference between a stateless packet inspection firewall and a stateful packet inspection firewall?

A

A stateless packet inspection firewall allows or denies packets based on source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.) VS. A stateful packet inspection firewall determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules.

27
Q

What is a “TTL exceeded message” a good indication of?

A

The port is being filtered by a firewall and not the gateway itself.

28
Q

What is JAD?

A

Java Application Decompiler

29
Q

What is ProxyChains and what must it be combined with?

A

A tool that allows a penetration tester to pivot to a new subnet, combined with the modification of the penetration tester’s routing tables.

30
Q

False positive

A

Think "false problem" - a situation where a test case fails, but in actuality there is no bug and the functionality is working correctly.

31
Q

False negative

A

A false sense of security - indicating you don't have a vulnerability when in fact you do.

32
Q

True positive

A

A true positive is an outcome where the model correctly predicts the positive class. You said it was, and it was.

33
Q

True negative

A

You said it wasn't, and it wasn't.